[PATCH] change 'winbind rpc only' to default to true
Michael Adam
obnox at samba.org
Thu Jun 16 22:06:58 UTC 2016
On 2016-06-16 at 14:50 -0700, Jeremy Allison wrote:
> On Thu, Jun 16, 2016 at 11:34:02AM +0200, Michael Adam wrote:
> > review / comments appreciated
> >
> > Michael
>
> > From f75209bd8c87523db70fa99bef840d44cc980d16 Mon Sep 17 00:00:00 2001
> > From: Michael Adam <obnox at samba.org>
> > Date: Thu, 16 Jun 2016 09:54:06 +0200
> > Subject: [PATCH] winbind: change "winbind rpc only" to default to "yes"
> >
> > When using domain security and not ads security against
> > an AD domain, one ususally WANTS rpc...
>
> Hang on, isn't the below going to make winbindd using
> "security = ads" use RPC by default ?
>
> Here's the select code in source3/winbindd/winbindd_cache.c:et_cache()
>
> if (!domain->backend) {
> #ifdef HAVE_ADS
> struct winbindd_domain *our_domain = domain;
>
> /* find our domain first so we can figure out if we
> are joined to a kerberized domain */
>
> if ( !domain->primary )
> our_domain = find_our_domain();
>
> if ((our_domain->active_directory || IS_DC)
> && domain->active_directory
> && !lp_winbind_rpc_only()) {
> DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
> domain->backend = &reconnect_ads_methods;
> } else {
> #endif /* HAVE_ADS */
> DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
> domain->backend = &reconnect_methods;
> #ifdef HAVE_ADS
> }
> #endif /* HAVE_ADS */
> }
>
> The above only selects reconnect_ads_methods if:
>
> our_domain->active_directory AND domain->active_directory AND !lp_winbind_rpc_only
>
> so setting the default to "yes" will force reconnect_methods.
>
> Am I missing something here ?
The "!" before lp_winbind_rpc_only() ?
This is exactly the point:
When 'winbind rpc only' is set to "No" (the current default),
then ADS methods are forced (when te domain is AD).
I want that to change, hence proposing to set the default to Yes.
Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160617/31989457/signature.sig>
More information about the samba-technical
mailing list