Displaying 3 results from an estimated 3 matches for "wbflag_from_nss".
2020 Apr 02
2
Prevent `wbinfo -u` from making Winbind unresponsive
...wing lines in smb.conf:
> >
> > winbind enum users = no
> > winbind enum groups = no
>
> Ah, the winbindd code only prohibits
> enumerating users when requested from
> nsswitch lookups.
>
> The code looks like:
>
> if (request->wb_flags & WBFLAG_FROM_NSS && !lp_winbind_enum_users()) {
> tevent_req_done(req);
> return tevent_req_post(req, ev);
> }
>
> so making an explicit request via wbinfo will
> still do the enumeration.
The rpc client code uses the dcerpc call_id
field to allow...
2020 Apr 01
5
Prevent `wbinfo -u` from making Winbind unresponsive
Hi,
Recently I by mistake ran `wbinfo -u <username>` when I was actually intending to run `wbinfo -n <username>`. It ignored the <username> part and proceeded to fetch the usernames. On a small domain this shouldn't be too much of an issue, but I did it on a domain with thousands upon thousands of users. The result was that Winbind became for all intents and purposes
2020 Apr 01
0
Prevent `wbinfo -u` from making Winbind unresponsive
...hed locally like my UID.
>
> I do have the following lines in smb.conf:
>
> winbind enum users = no
> winbind enum groups = no
Ah, the winbindd code only prohibits
enumerating users when requested from
nsswitch lookups.
The code looks like:
if (request->wb_flags & WBFLAG_FROM_NSS && !lp_winbind_enum_users()) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
so making an explicit request via wbinfo will
still do the enumeration.