[Samba] Enhancement of wbinfo in samba2.2.6pre2

Nir Soffer nirs at exanet.com
Mon Sep 2 07:34:01 GMT 2002 

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Monday, September 02, 2002 12:57 PM
> To: Nir Soffer
> Cc: Andrew Bartlett; Patrik Gustavsson PS Sweden Senior 
> Technical Consultant; samba at samba.org
> Subject: Re: [Samba] Enhancement of wbinfo in samba2.2.6pre2
> 
> 
> Nir Soffer wrote:
> > 
> > > Nir Soffer wrote:
> > > >
> > > > >
> > > > > Patrik Gustavsson PS Sweden Senior Technical Consultant wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Most of the samba-commands takes a option for smb.conf file
> > > > > > exept for wbinfo.
> > > > > > It should be nice to have that functionallity in 
> wbinfo also.
> > > > >
> > > > > Actually, we should work to remove the need for wbinfo to
> > > use smb.conf
> > > > > at all.
> > > > >
> > > > > Why do you need this?
> > > >
> > > > I don't know why the first poster needed it, but I know I
> > > need such an
> > > > option (and writing a patch for it is on my todo list,
> > > really, it is!),
> > > > because my smb.conf is in nonstandard locations.
> > 
> > [snip]
> > 
> > > > So I understand wbinfo wants the workgroup and the
> > > seperator, and the
> > > > client code page. Where can I get it besides smb.conf, as a
> > > commandline
> > > > paramater?
> > >
> > > From winbindd.  If winbind is operating correctly, then 
> it should not
> > > consult the smb.conf, except for the -A option.  The only 
> issue reason
> > > these are in at all is due to some circular dependencies, 
> and the need
> > > to put some authenticaion over the winbind pipe (so the
> > > username/password -A can be set by winbindd, but only by a
> > > root client).
> > 
> > Sorry, I'm not following, bear with me for a minute?
> > 
> > winbindd can tell me what the seperator is and what the workgroup is
> > with a simple request? I see this line:
> >         { WINBINDD_DOMAIN_NAME, winbindd_domain_name, 
> "DOMAIN_NAME" },
> > 
> > in winbindd.c , so that presumably is the entry point for 
> asking what
> > domain it's bound to, and the seperator is apparently returned with:
> > 
> >         { WINBINDD_INFO, winbindd_info, "INFO" }, , perhaps?
> > 
> > So if winbindd is running correctly, what circular dependencies are
> > there?
> 
> The problem is that if winbindd's PDC requires authenticaion (ie
> RestrictAnonymous is in effect) then it won't handle reqests until it
> logs in.  But if we don't read the smb.conf locally, we can't 
> split the
> username correctly, or find the location of secrets.tdb...

Is it (in theory, at least), possible to block at least _some_ requests
when there's no connection to the PDC?

More information about the samba mailing list