When we are no longer the natgw master, dont put the natgw ip on loopback.

We put the ip on loopback just to make sure we would still interoperate with
non-standard configurations on unix-KDC, that are configured to verify the optional
HostAddresses field.
This is not required for AD, since AD does not use this field, and is replaced in
unix land with other/better mechanisms than this "dodgy" check.

This makes it "easier" for applications that have bound to the natgw address
to detect a socket problem and try to reconnect/recover if the ip address
is completely missing from the system.

At the same time, use the winbind specific hook that exists to explicitely tell winbindd : this address is gone, so if you have bound to it, this is a good time to close and rebind your socket.

cq 1020333

diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw
index 512f8dee8e6a86b2fc130f4e0cf1bd71da3a1615..1d5ba0f5570a804a7d5e782259cc002aec300667 100755 (executable)
--- a/config/events.d/11.natgw
+++ b/config/events.d/11.natgw
@@ -91,8 +91,10 @@ case "$1" in
                # We do this so that the ip address will exist on a
                # non-loopback interface so that samba may send it along in the
                # KDC requests.
-               ip addr add $CTDB_NATGW_PUBLIC_IP_HOST dev lo scope host
                ip route add 0.0.0.0/0 via $NATGWIP metric 10
+               # Make sure winbindd does not stay bound to this address
+               # if we are no longer natgwmaster
+               smbcontrol winbindd ip-dropped $CTDB_NATGW_PUBLIC_IP >/dev/null 2>/dev/null
        fi
 
        # flush our route cache