IMHO: Winbind in Samba4

Simo Sorce idra at samba.org
Sun Jan 9 01:52:37 GMT 2005 

On Sat, 2005-01-08 at 19:36 -0800, Richard Sharpe wrote:
> On Sun, 9 Jan 2005, Stefan (metze) Metzmacher wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Richard Sharpe schrieb:
> > | On Sun, 9 Jan 2005, Simo Sorce wrote:
> > |
> > |
> > |>On Sat, 2005-01-08 at 18:25 -0800, Richard Sharpe wrote:
> > |>
> > |>>On Sun, 9 Jan 2005, Simo Sorce wrote:
> > |>>
> > |>>
> > |>>>On Sat, 2005-01-08 at 16:22 +0100, Gémes Géza wrote:
> > |>>>
> > |>>>>If I'm not wrong you suggest that Samba4 ADS will implement the posix
> > |>>>>account stuff through winbind?
> > |>>>>Something like in the attached ASCII graphic?
> > |>>>
> > |>>>Even better in some situations (eg. NAS boxes) Samba4 will not even need
> > |>>>to ask the system for users as it will know it is the primary source for
> > |>>>users account, so you will not need to do the round-trip. In other
> > |>>>system you will probably only need to check unix accounts for some
> > |>>>users, in others /etc/passwd will be the master.
> > |>>
> > |>>Well, some NAS boxes will be like that. Probably the smaller stand-alone
> > |>>NAS boxes. However, larger NAS boxes are most likely to be a member
> > |>>server.
> > |>
> > |>Same thing, the NAS box will have a local SAM anyway, and may well
> > |>consider its SAM + the DC SAM to be authoritative, and never require you
> > |>to do the round-trip, but go directly to ask winbindd.
> > |
> > |
> > | Ummm, we do not want a local SAM. All account and group information should
> > | be in LDAP or NIS and the PDC's SAM.
> >
> > then just don't use it, there'll be only the builtin aliases and the local administrator
> > and guest (disabled) by default.
> > (just like a just installed windows member server)
> 
> Sure, I was just pointing out to Simo that there are many ways that people
> want to use these things.

I know, people generally do not want to manage users on a NAS box, but
NASes are just one of the targets of samba4.
We need to be as compatible as we can, so we will implement all it is
necessary and probably something more :-)


Simo.
-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

More information about the samba-technical mailing list