samba - Apr 2015 - RFC2307 attributes not being read by DC2 in 4.2.1

> . I do not think that you can turn off the built-in 'winbind' 
> except by using the separate 'winbindd' daemon.
> 
Yes, and I think the same as you. He would STILL BE USING WINBINDD. The 
only difference was that he would also be including a EXPLICIT -winbind 
instruction instead of only disabling it implicitly. If you don't see the 
difference I don't know what more to say...

On 23/04/15 19:20, Miguel Medalha wrote:
>> . I do not think that you can turn off the built-in 'winbind'
>> except by using the separate 'winbindd' daemon.
>>
> Yes, and I think the same as you. He would STILL BE USING WINBINDD. The
> only difference was that he would also be including a EXPLICIT -winbind
> instruction instead of only disabling it implicitly. If you don't see
the
> difference I don't know what more to say...
I see what you mean, but because he had the line:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate

in his smb.conf because he is using bind9, replacing 'winbindd' in that 
line, should be the same as 'server services = -winbindd +winbind' on a 
DC that uses the internal DNS server. If you run 'samba-tool testparm 
-v' on a DC that uses the internal DNS, even though there is no 'server 
services' line shown in smb.conf, you will get the default one 
displayed, that is why you need to add 'server services = -winbindd 
+winbind', it turns off the first because it is the default and adds the 
second to replace it, but changing one for the other on a line set in 
smb.conf should do the same, and as you said 'If you don't see the 
difference I don't know what more to say...'

Rowland

> 
> in his smb.conf because he is using bind9, replacing 'winbindd' in
that
> line, should be the same as 'server services = -winbindd +winbind'
on a
> DC that uses the internal DNS server. If you run 'samba-tool testparm 
> -v' on a DC that uses the internal DNS, even though there is no
'server
> services' line shown in smb.conf, you will get the default one 
> displayed, that is why you need to add 'server services = -winbindd 
> +winbind', it turns off the first because it is the default and adds
the
> second to replace it, but changing one for the other on a line set in 
> smb.conf should do the same, and as you said 'If you don't see the 
> difference I don't know what more to say...'
> 
Of course you are correct, but I am not talking about that. His line is:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, 
ntp_signd, kcc, dnsupdate

What I am proposing is:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, 
ntp_signd, kcc, dnsupdate, -WINBIND (upper case for emphasis only)

I was proposing the same line he already has but with the ADDITION of 
explicitly disabling the internal service instead of doing it implicitly. 
 I know that winbindd is the new default but what if the internal service 
is NOT being correctly disabled and it conflicts with winbindd? Are you 
certain the eventual bug is not here?