[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Stefan Metzmacher
metze at samba.org
Thu Mar 16 07:51:49 UTC 2017
Am 16.03.2017 um 07:52 schrieb Andrew Bartlett via samba-technical:
> On Thu, 2017-03-16 at 07:44 +0100, Volker Lendecke wrote:
>> The one I really care about from a personal perspective is the patch
>> to remove "map untrusted to domain".
>
> Understood.
>
> However as it hasn't been marked deprecated yet, we can't just drop it.
The point here is that we do the mapping in the wrong location,
we can keep the option "map unby implementing a fallback
*after* we get 'authoritative=0' from the dc.
But we definitely need to remove the completely broken
design of doing the mapping based on our by design incomplete
knowledge of possible trusted domains, before asking the backends.
Basically we would need something like:
"anonymous sam_strict winbind winbind_untrusted_to_domain sam_ignoredomain"
While winbind_untrusted_to_domain will be a noop
for the default "map untrusted to domain = no".
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170316/861648cb/signature.sig>
More information about the samba-technical
mailing list