]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
docs-xml: Enable `winbind use krb5 enterprise principals` by default
authorAndreas Schneider <asn@samba.org>
Tue, 15 Jun 2021 14:14:11 +0000 (16:14 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 23 Jun 2021 09:56:37 +0000 (09:56 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
WHATSNEW.txt
docs-xml/smbdotconf/winbind/winbindusekrb5enterpriseprincipals.xml
lib/param/loadparm.c
selftest/target/Samba3.pm
source3/param/loadparm.c

index b36036a25d4c990d2c59de3dbb053434b3e4834d..aa4f76ae4d06d240bcd09aaa13d71de5d605f342 100644 (file)
@@ -128,6 +128,7 @@ smb.conf changes
   --------------                     -----------                -------
   client use kerberos                New                        desired
   client protection                  New                        default
+  winbind use krb5 enterprise principals  Changed               Yes
 
 
 KNOWN ISSUES
index 441664eb42d1988d4bb2ab761bbda1a0820b90b3..d30b7f36a07bde39888da8e090f0529a8443c843 100644 (file)
@@ -29,6 +29,6 @@
        </para>
 </description>
 
-<value type="default">no</value>
-<value type="example">yes</value>
+<value type="default">yes</value>
+<value type="example">no</value>
 </samba:parameter>
index 54920b850277855a7969b82ea0df9ab793a43249..0bd5034174b562b608690c6b329d966ac128cb43 100644 (file)
@@ -2964,6 +2964,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                                  "acl flag inherited canonicalization",
                                  "yes");
 
+       lpcfg_do_global_parameter(lp_ctx,
+                                 "winbind use krb5 enterprise principals",
+                                 "yes");
+
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                        lp_ctx->flags[i] |= FLAG_DEFAULT;
index 50311e0c7b9c66bebe474698662e4996955cf611..efa63626ecb96655a02b1dbc422cfc953e37847e 100755 (executable)
@@ -703,7 +703,6 @@ sub provision_ad_member
        auth event notification = true
        password server = $dcvars->{SERVER}
        winbind scan trusted domains = no
-       winbind use krb5 enterprise principals = yes
        winbind offline logon = $option_offline_logon
 
        allow dcerpc auth level connect:lsarpc = yes
index d3b9de4a09a0965dee198f57bae62ba1d4df37b8..8db7e64210f0ee3d199852fedc0309cc0b86cd65 100644 (file)
@@ -963,6 +963,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
        Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
 
+       Globals.winbind_use_krb5_enterprise_principals = true;
+
        /* Now put back the settings that were set with lp_set_cmdline() */
        apply_lp_set_cmdline();
 }