[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Stefan Metzmacher
metze at samba.org
Thu Mar 16 07:57:29 UTC 2017
Am 16.03.2017 um 08:51 schrieb Stefan Metzmacher:
> Am 16.03.2017 um 07:52 schrieb Andrew Bartlett via samba-technical:
>> On Thu, 2017-03-16 at 07:44 +0100, Volker Lendecke wrote:
>>> The one I really care about from a personal perspective is the patch
>>> to remove "map untrusted to domain".
>>
>> Understood.
>>
>> However as it hasn't been marked deprecated yet, we can't just drop it.
>
> The point here is that we do the mapping in the wrong location,
> we can keep the option "map unby implementing a fallback
> *after* we get 'authoritative=0' from the dc.
>
> But we definitely need to remove the completely broken
> design of doing the mapping based on our by design incomplete
> knowledge of possible trusted domains, before asking the backends.
>
> Basically we would need something like:
> "anonymous sam_strict winbind winbind_untrusted_to_domain sam_ignoredomain"
>
> While winbind_untrusted_to_domain will be a noop
> for the default "map untrusted to domain = no".
It's is_trusted_domain() that need to go!
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170316/02c2163d/signature.sig>
More information about the samba-technical
mailing list