When we are no longer the natgw master, dont put the natgw ip on loopback.

We put the ip on loopback just to make sure we would still interoperate with
non-standard configurations on unix-KDC, that are configured to verify the optional
HostAddresses field.
This is not required for AD, since AD does not use this field, and is replaced in
unix land with other/better mechanisms than this "dodgy" check.

This makes it "easier" for applications that have bound to the natgw address
to detect a socket problem and try to reconnect/recover if the ip address
is completely missing from the system.

At the same time, use the winbind specific hook that exists to explicitely tell winbindd : this address is gone, so if you have bound to it, this is a good time to close and rebind your socket.

cq 1020333

diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw
index 2fc232a78514daa5d2d9ec639d23a2f34e090511..ac34a24d63546db4a27ea577764eb511e0e04780 100755 (executable)
--- a/config/events.d/11.natgw
+++ b/config/events.d/11.natgw
@@ -77,8 +77,10 @@ case "$1" in
                # We do this so that the ip address will exist on a
                # non-loopback interface so that samba may send it along in the
                # KDC requests.
-               ip addr add $CTDB_NATGW_PUBLIC_IP_HOST dev lo scope host
                ip route add 0.0.0.0/0 via $NATGWIP metric 10
+               # Make sure winbindd does not stay bound to this address
+               # if we are no longer natgwmaster
+               smbcontrol winbindd ip-dropped $CTDB_NATGW_PUBLIC_IP >/dev/null 2>/dev/null
        fi
 
        # flush our route cache