We put the ip on loopback just to make sure we would still interoperate with
non-standard configurations on unix-KDC, that are configured to verify the optional
HostAddresses field.
This is not required for AD, since AD does not use this field, and is replaced in
unix land with other/better mechanisms than this "dodgy" check.
This makes it "easier" for applications that have bound to the natgw address
to detect a socket problem and try to reconnect/recover if the ip address
is completely missing from the system.
At the same time, use the winbind-specific hook that exists to explicitly tell winbindd: this address is gone, so if you have bound to it, this is a good time to close and rebind your socket.
cq
1020333
# We do this so that the ip address will exist on a
# non-loopback interface so that samba may send it along in the
# KDC requests.
- ip addr add $CTDB_NATGW_PUBLIC_IP_HOST dev lo scope host
ip route add 0.0.0.0/0 via $NATGWIP metric 10
+ # Make sure winbindd does not stay bound to this address
+ # if we are no longer natgwmaster
+ smbcontrol winbindd ip-dropped $CTDB_NATGW_PUBLIC_IP >/dev/null 2>/dev/null
fi
# flush our route cache
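Review bot: The added smbcontrol call passes $CTDB_NATGW_PUBLIC_IP, while the removed "ip addr add" line used $CTDB_NATGW_PUBLIC_IP_HOST. If the two variables differ because the first carries a prefix length (an assumption, since the hunk does not show how either is set), confirm that ip-dropped accepts that form. Otherwise winbindd will not match the address it is bound to, and the stale socket this change is meant to close stays open. Passing the host-only variable, quoted, would remove the doubt. Two smaller points: the unchanged comment at the top of the hunk ("We do this so that the ip address will exist on a non-loopback interface ...") now sits directly above the "ip route add" line and no longer describes anything in the hunk, so it should be removed or reworded. Also, sending both stdout and stderr of smbcontrol to /dev/null hides the case where winbindd is not running or rejects the message, so a logged warning on a non-zero exit status would make a missed rebind visible.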