About adding a new 'winbind:allow domains' parameter
scabrero at samba.org
Wed Oct 9 10:27:34 UTC 2019
On Fri, Oct 04, 2019 at 07:08:26AM -0400, Jim McDonough via samba-technical wrote:
> On 10/4/19 5:50 AM, Andreas Schneider via samba-technical wrote:
> >> On Wed, Oct 02, 2019 at 05:57:52PM +0200, Stefan Metzmacher via
> >> samba-technical wrote:
> >>> I'd actually like to get rid of all this hacks and just trust our dc.
> > In the past we tried to communicate with the DC direclty. We had a child
> > running for each domain member. The assumptions we had date back to NT4 style
> > domain controllers. In the meantime we know we can only talk to our primary
> > trust to authenticate users and the DC will route the request for us.
> Actually, even with the NT domain controllers, this was technically the
> wrong thing to do. It just happens to work if you have two-way trusts.
> So really this was before we had protocol information and were
> investigating it ourselves.
Thanks a lot for your responses, definitely adding it is not the way to
Samuel Cabrero scabrero at samba.org
Samba Team www.samba.org
GPG: D7D6 E259 F91C F0B3 2E61 1239 3655 6EC9 7051 0856
More information about the samba-technical