[Samba] Corruption of winbind cache after converting NT4 to AD domain

Michael Tokarev mjt at tls.msk.ru
Sat Feb 12 12:27:31 UTC 2022


12.02.2022 15:04, Michael Tokarev via samba wrote:
..
> Again, I'm not asking about personal preferences, but about the concept.

Just to give an example - what I'm talking about.

Many IP networking concepts come from the BSD IP stack. There was a concept of
an Ethernet segment, with a few, as it seemed, conceptual properties. It must
have a network address, it must have a broadcast address, and regular IP
addresses.  For example, for 192.168.1.0/24 the network address is 192.168.1.0,
the broadcast is 192.168.1.255, and the other numbers in between are regular.

But for many decades, the network address has not been used, and the broadcast,
while used, is used by certain services only (e.g. NetBIOS, which is going away
too).

And actually, neither network nor broadcast addresses are *required* for
communication between regular hosts - there's nothing in either Ethernet or
IP which relies on them.

But some people still think there's no "Ethernet segment" without network
and broadcast addresses, it just does not exist. And this is mostly because
some software still uses a BSD-derived implementation which requires these
(the _implementation_, not the actual way it works). Some software or hardware
(e.g. Cisco) requires these addresses. That's probably why some people
think that not having network/broadcast is an error which should be fixed
first before any other debugging is done - nope, it should not; Linux
works just fine without these, and other implementations will too
if they just stop verifying that these addresses are set and refusing
to work if they're not.

On Linux I can have a /32 address (actually many of them) on an interface
and as many /32 routes on the same interface as I want - essentially making
an Ethernet interface act like a point-to-point interface (with ARP working
behind the scenes as it is used on Ethernet). And it is not an error on the
Linux part that Cisco does not allow such a configuration or that some people
who configure Cisco do not know how to configure that on a Cisco router.

What I'm saying is: network and broadcast addresses are optional, they are not
part of the "Ethernet segment" *concept*; IP over Ethernet works just fine
without them.

The same applies to our discussion about AD users and local users. So far
I don't see why conceptually they should be entirely separate instead of
complementing each other. I'm not talking about the currently implemented
scenario in winbind (which seems to rely on them being separate without
verifying if this is the case, and behaving inconsistently/buggily if they're
not).

Thanks,

/mjt
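The mail above says winbind assumes local and AD users never overlap without checking it. The script below is an added example (not from the mail and not Samba code) of the check an administrator can run themselves before trusting that assumption: it parses two sets of passwd(5)-format entries, one standing in for /etc/passwd and one for the entries winbind supplies through NSS, and reports every user name and every uid that appears in both. The sample entries, the EXAMPLE domain name and the uid ranges are constructed for the demonstration; on a real host the two inputs would be the local passwd file and the winbind-provided part of `getent passwd`.

```python
"""Find user-name and uid collisions between local and winbind-supplied accounts.

Added example for the winbind discussion; not part of the original mail or of
Samba.  All account data below is constructed.
"""
from collections import defaultdict

# Constructed stand-in for /etc/passwd (local accounts only).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Local:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""

# Constructed stand-in for the entries winbind hands to NSS.  The domain name
# EXAMPLE and the 10000+ uid range are assumptions for the demonstration.
WINBIND_PASSWD = """\
alice:*:10001:10000:Alice Domain:/home/EXAMPLE/alice:/bin/bash
bob:*:10002:10000:Bob Domain:/home/EXAMPLE/bob:/bin/bash
svc-backup:*:34:10000:Service Backup:/home/EXAMPLE/svc-backup:/bin/false
"""


def parse_passwd(text):
    """Parse passwd(5)-format lines into a list of (name, uid) tuples.

    Blank lines and '#' comments are skipped; a line without exactly seven
    colon-separated fields is rejected rather than silently misread.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, uid = fields[0], int(fields[2])
        entries.append((name, uid))
    return entries


def find_overlaps(local_text, winbind_text):
    """Return {'name': [...], 'uid': [...]} collisions between the two sources.

    A name collision is (name, local_uid, winbind_uid); a uid collision is
    (uid, [local names with that uid], winbind name).  Either kind means the
    same identity resolves differently depending on which source answers first.
    """
    local = parse_passwd(local_text)
    remote = parse_passwd(winbind_text)

    local_by_name = {name: uid for name, uid in local}
    local_by_uid = defaultdict(list)
    for name, uid in local:
        local_by_uid[uid].append(name)

    name_clashes = []
    uid_clashes = []
    for name, uid in remote:
        if name in local_by_name:
            name_clashes.append((name, local_by_name[name], uid))
        if uid in local_by_uid:
            uid_clashes.append((uid, local_by_uid[uid], name))
    return {"name": name_clashes, "uid": uid_clashes}


if __name__ == "__main__":
    result = find_overlaps(LOCAL_PASSWD, WINBIND_PASSWD)
    for name, local_uid, wb_uid in result["name"]:
        print(f"name clash: {name} is local uid {local_uid} and winbind uid {wb_uid}")
    for uid, local_names, wb_name in result["uid"]:
        print(f"uid clash: {uid} is local {local_names} and winbind user {wb_name}")
    if not result["name"] and not result["uid"]:
        print("no overlap between local and winbind accounts")
```

With the constructed data the script reports one name clash (alice: local uid 1000 vs. winbind uid 10001) and one uid clash (uid 34: local backup vs. winbind svc-backup). A name clash means file ownership and permissions depend on which NSS source answers first; a uid clash means two different accounts are indistinguishable on disk. Both are exactly the situations the mail describes winbind not checking for.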
