[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Andrew Bartlett
abartlet at samba.org
Thu Mar 23 20:51:14 UTC 2017
On Thu, 2017-03-23 at 17:48 +0100, Stefan Metzmacher wrote:
> Am 23.03.2017 um 10:03 schrieb Andrew Bartlett:
> > On Wed, 2017-03-22 at 17:00 +0100, Stefan Metzmacher wrote:
> > >
> > > + <para>
> > > + When this parameter is set to <smbconfoption name="map
> > > untrusted
> > > to domain">auto</smbconfoption> smbd will
> > > + deferr the mapping decision to the stack of auth method
> > > backends.
> > > + Each auth method is able to say I'm not authoritative and
> > > the
> > > + next backend will be used. This is basically the behavior
> > > + implemented in Windows.
> > > + </para>
> > > +
> >
> > Thanks for documenting the change. However the language needs some
> > work: Currently it describes too closely the C level changes
> > rather
> > than what changes for the user when the options are set (you can
> > say
> > 'assuming the default auth methods, as recommended' if you
> > like. Also,
> > the documentation shouldn't speculate about backports, this is
> > something we can fix when we backport.
> >
> > To make progress, could we skip this part until we get a test to
> > cover
> > the different values, and keep this patch set to just the "no
> > behaviour
> > change"?
>
> Ok, here's part one for https://bugzilla.samba.org/show_bug.cgi?id=29
> 76
>
> Except that we expose the authoritative=0 from the auth stacks to the
> netlogon
> client, there should be no behavior change.
I've reviewed this, and it will be in autobuild today unless I find a
bug (naturally). I'm changing tack and will see if I can get rpcclient
to help me out with some SamLogon testing, that and some wbinfo -a
should close off the concerns I had around the RODC.
Thanks,
Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170324/7e1021a3/signature.sig>
More information about the samba-technical
mailing list