Avoiding set_dc_type_and_flags() for trusted domains
Gerald (Jerry) Carter
jerry at samba.org
Fri Mar 23 21:28:18 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gerald (Jerry) Carter wrote:
> Hey Guenther,
>
> What do yo think about this patch (just actually testing it now).
> It uses information from DsEnumerateDomainTrusts() to fill
> in the dc_type and trust flags so we don't have to actually
> contact the trusted DC.
>
> The reason I'm doing this is to support one way outgoing
> trusts between forests. In this case we can't actually
> contact the trusted DC as we have no credentials.
> I'm just experimenting right now. Thought you might be
> interested.
>
> btw...This can only be done when our primary domain is AD.
If we could get rid of the need for the struct
winbindd_domain->native_mode flag we could just use the
information returned from DsEnumerateDomainTrusts() which
means not contacting trusted DC's at all in
set_dc_type_and_flags().
Looks like right now we only use that to determine if
(a) We need to fetch the sequence number via LDAP, and
(b) We need to enumerate domain local groups
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGBEZyIR7qMdg1EfYRApLtAKCXxS4X0DN8Ux4N/FXXMFmfN6vjjwCdFIuZ
PwMr28fCsO8/kupx8lrab+o=
=+/xD
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list