[Samba] Enhancement of wbinfo in samba2.2.6pre2
Nir Soffer
nirs at exanet.com
Mon Sep 2 07:34:01 GMT 2002
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Monday, September 02, 2002 12:57 PM
> To: Nir Soffer
> Cc: Andrew Bartlett; Patrik Gustavsson PS Sweden Senior
> Technical Consultant; samba at samba.org
> Subject: Re: [Samba] Enhancement of wbinfo in samba2.2.6pre2
>
>
> Nir Soffer wrote:
> >
> > > Nir Soffer wrote:
> > > >
> > > > >
> > > > > Patrik Gustavsson PS Sweden Senior Technical Consultant wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Most of the samba-commands takes a option for smb.conf file
> > > > > > exept for wbinfo.
> > > > > > It should be nice to have that functionallity in
> wbinfo also.
> > > > >
> > > > > Actually, we should work to remove the need for wbinfo to
> > > use smb.conf
> > > > > at all.
> > > > >
> > > > > Why do you need this?
> > > >
> > > > I don't know why the first poster needed it, but I know I
> > > need such an
> > > > option (and writing a patch for it is on my todo list,
> > > really, it is!),
> > > > because my smb.conf is in nonstandard locations.
> >
> > [snip]
> >
> > > > So I understand wbinfo wants the workgroup and the
> > > seperator, and the
> > > > client code page. Where can I get it besides smb.conf, as a
> > > commandline
> > > > paramater?
> > >
> > > From winbindd. If winbind is operating correctly, then
> it should not
> > > consult the smb.conf, except for the -A option. The only
> issue reason
> > > these are in at all is due to some circular dependencies,
> and the need
> > > to put some authenticaion over the winbind pipe (so the
> > > username/password -A can be set by winbindd, but only by a
> > > root client).
> >
> > Sorry, I'm not following, bear with me for a minute?
> >
> > winbindd can tell me what the seperator is and what the workgroup is
> > with a simple request? I see this line:
> > { WINBINDD_DOMAIN_NAME, winbindd_domain_name,
> "DOMAIN_NAME" },
> >
> > in winbindd.c , so that presumably is the entry point for
> asking what
> > domain it's bound to, and the seperator is apparently returned with:
> >
> > { WINBINDD_INFO, winbindd_info, "INFO" }, , perhaps?
> >
> > So if winbindd is running correctly, what circular dependencies are
> > there?
>
> The problem is that if winbindd's PDC requires authenticaion (ie
> RestrictAnonymous is in effect) then it won't handle reqests until it
> logs in. But if we don't read the smb.conf locally, we can't
> split the
> username correctly, or find the location of secrets.tdb...
Is it (in theory, at least), possible to block at least _some_ requests
when there's no connection to the PDC?
More information about the samba
mailing list