Patrik Gustavsson PS Sweden Senior Technical Consultant
2002-Aug-30 01:40 UTC
[Samba] Enhancement of wbinfo in samba2.2.6pre2
Hi, Most of the samba-commands takes a option for smb.conf file exept for wbinfo. It should be nice to have that functionallity in wbinfo also. /Patrik -- "In a world without fences who needs Gates" Patrik Gustavsson, Senior Technical Consultant patrik.gustavsson@sun.com Telephone: +46 60 671540 http://glen.sweden Mobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 --------------------------------------------------------------
Patrik Gustavsson PS Sweden Senior Technical Consultant wrote:> > Hi, > > Most of the samba-commands takes a option for smb.conf file > exept for wbinfo. > It should be nice to have that functionallity in wbinfo also.Actually, we should work to remove the need for wbinfo to use smb.conf at all. Why do you need this? Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
> > Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: > > > > Hi, > > > > Most of the samba-commands takes a option for smb.conf file > > exept for wbinfo. > > It should be nice to have that functionallity in wbinfo also. > > Actually, we should work to remove the need for wbinfo to use smb.conf > at all. > > Why do you need this?I don't know why the first poster needed it, but I know I need such an option (and writing a patch for it is on my todo list, really, it is!), because my smb.conf is in nonstandard locations. As for removing smb.conf dependance altogether - I see the following snippets in the code: -- if (winbindd_request(WINBINDD_INFO, NULL, &response) ! NSS_STATUS_SUCCESS) { printf("could not obtain winbind separator!\n"); /* HACK: (this module should not call lp_ funtions) */ return *lp_winbind_separator(); } -- if (!sep) { printf("winbind separator was NULL!\n"); /* HACK: (this module should not call lp_ funtions) */ sep = *lp_winbind_separator(); } -- if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) ! NSS_STATUS_SUCCESS) { printf("could not obtain winbind domain name!\n"); /* HACK: (this module should not call lp_ funtions) */ return lp_workgroup(); } -- codepage_initialise(lp_client_code_page()); -- So I understand wbinfo wants the workgroup and the seperator, and the client code page. Where can I get it besides smb.conf, as a commandline paramater? Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- "Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come" -- Nick Cave and the Bad Seeds, The Weeping Song
> Nir Soffer wrote: > > > > > > > > Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: > > > > > > > > Hi, > > > > > > > > Most of the samba-commands takes a option for smb.conf file > > > > exept for wbinfo. > > > > It should be nice to have that functionallity in wbinfo also. > > > > > > Actually, we should work to remove the need for wbinfo to > use smb.conf > > > at all. > > > > > > Why do you need this? > > > > I don't know why the first poster needed it, but I know I > need such an > > option (and writing a patch for it is on my todo list, > really, it is!), > > because my smb.conf is in nonstandard locations.[snip]> > So I understand wbinfo wants the workgroup and the > seperator, and the > > client code page. Where can I get it besides smb.conf, as a > commandline > > paramater? > > From winbindd. If winbind is operating correctly, then it should not > consult the smb.conf, except for the -A option. The only issue reason > these are in at all is due to some circular dependencies, and the need > to put some authenticaion over the winbind pipe (so the > username/password -A can be set by winbindd, but only by a > root client).Sorry, I'm not following, bear with me for a minute? winbindd can tell me what the seperator is and what the workgroup is with a simple request? I see this line: { WINBINDD_DOMAIN_NAME, winbindd_domain_name, "DOMAIN_NAME" }, in winbindd.c , so that presumably is the entry point for asking what domain it's bound to, and the seperator is apparently returned with: { WINBINDD_INFO, winbindd_info, "INFO" }, , perhaps? So if winbindd is running correctly, what circular dependencies are there? Also - what piece of information does wbinfo need for -A? I didn't find anything it did with an lp_* function in that context.> That's why all the lp_*() users have HACK written above them...That I gathered :) Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- "Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come" -- Nick Cave and the Bad Seeds, The Weeping Song
> -----Original Message----- > From: Andrew Bartlett [mailto:abartlet@samba.org] > Sent: Monday, September 02, 2002 12:57 PM > To: Nir Soffer > Cc: Andrew Bartlett; Patrik Gustavsson PS Sweden Senior > Technical Consultant; samba@samba.org > Subject: Re: [Samba] Enhancement of wbinfo in samba2.2.6pre2 > > > Nir Soffer wrote: > > > > > Nir Soffer wrote: > > > > > > > > > > > > > > Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: > > > > > > > > > > > > Hi, > > > > > > > > > > > > Most of the samba-commands takes a option for smb.conf file > > > > > > exept for wbinfo. > > > > > > It should be nice to have that functionallity in > wbinfo also. > > > > > > > > > > Actually, we should work to remove the need for wbinfo to > > > use smb.conf > > > > > at all. > > > > > > > > > > Why do you need this? > > > > > > > > I don't know why the first poster needed it, but I know I > > > need such an > > > > option (and writing a patch for it is on my todo list, > > > really, it is!), > > > > because my smb.conf is in nonstandard locations. > > > > [snip] > > > > > > So I understand wbinfo wants the workgroup and the > > > seperator, and the > > > > client code page. Where can I get it besides smb.conf, as a > > > commandline > > > > paramater? > > > > > > From winbindd. If winbind is operating correctly, then > it should not > > > consult the smb.conf, except for the -A option. The only > issue reason > > > these are in at all is due to some circular dependencies, > and the need > > > to put some authenticaion over the winbind pipe (so the > > > username/password -A can be set by winbindd, but only by a > > > root client). > > > > Sorry, I'm not following, bear with me for a minute? > > > > winbindd can tell me what the seperator is and what the workgroup is > > with a simple request? I see this line: > > { WINBINDD_DOMAIN_NAME, winbindd_domain_name, > "DOMAIN_NAME" }, > > > > in winbindd.c , so that presumably is the entry point for > asking what > > domain it's bound to, and the seperator is apparently returned with: > > > > { WINBINDD_INFO, winbindd_info, "INFO" }, , perhaps? > > > > So if winbindd is running correctly, what circular dependencies are > > there? > > The problem is that if winbindd's PDC requires authenticaion (ie > RestrictAnonymous is in effect) then it won't handle reqests until it > logs in. But if we don't read the smb.conf locally, we can't > split the > username correctly, or find the location of secrets.tdb...Is it (in theory, at least), possible to block at least _some_ requests when there's no connection to the PDC?