winbindd architecture

Tim Potter tpot at samba.org
Wed Feb 20 09:53:03 GMT 2002


On Wed, Feb 20, 2002 at 05:33:10PM +0200, Yuval Yeret wrote:

> A few technical questions about winbindd I didn't find answers for:
>  
> does the nss_winbind library connect over a unix domain socket to the
> winbindd running as part of the nmbd?

No.  It connects over a unix domain socket to the winbindd daemon, which is a
separate process.  Nmbd and winbindd are separate processes.

> what is the communication, if any, between winbindd and nmbd, and why
> does nmbd have to be running on a machine with winbind enabled for
> passwd.

Nmbd needs to be running on the local system as there are some lookup
requests sent by winbindd that are sent by Windows NT domain controllers
to the incorrect port, which is a bug in Windows.  Nmbd receives these
packets and stores them in a database (unexpected.tdb) which winbindd
reads from.

> From looking at the sources, it seems feasible to replace the unix
> domain socket by a UDP/TCP socket. Did anyone try/think of this?

It would be pretty slow as there is a lot of information passed over it.
Also there are security implications.  Can you trust the sender that
they are really a winbind daemon when authenticating passwords or
sending group membership information?  If you are running inside your
trusted cluster then this may not be a problem.


Tim.
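
An added example, not part of the original post and not Samba's own code: one way a client can decide whether the process behind a unix domain socket is the daemon it expects, using filesystem ownership of the rendezvous path, a check that has no equivalent for a UDP/TCP port. The names `socket_is_trusted` and `demo`, the socket name `pipe` and the `/tmp/wbdemo...` directory are hypothetical and constructed for the illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: 0 if dir/name is a socket that only trusted_uid could
 * have put there, -1 otherwise. lstat() is used so symlinks are rejected. */
int socket_is_trusted(const char *dir, const char *name, uid_t trusted_uid)
{
    char path[sizeof(((struct sockaddr_un *)0)->sun_path)];
    struct stat st;

    /* Directory owned by the trusted uid and not group/world writable:
     * nobody else can unlink the socket and bind an impostor in its place. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    if (snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int)sizeof(path))
        return -1;
    /* The entry itself must be a socket created by the trusted uid. */
    if (lstat(path, &st) != 0 || !S_ISSOCK(st.st_mode) ||
        st.st_uid != trusted_uid)
        return -1;
    return 0;
}

/* Constructed scenario: bind a socket in a private temp directory, then make
 * the directory world-writable. Returns 0 if only the first check passes. */
int demo(void)
{
    char dir[] = "/tmp/wbdemoXXXXXX";
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int private_ok = -1, loose_ok = 0, fd;
    if (mkdtemp(dir) == NULL)               /* created with mode 0700 */
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/pipe", dir);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
        private_ok = socket_is_trusted(dir, "pipe", geteuid());
        chmod(dir, 0777);                   /* now anyone could swap the socket */
        loose_ok = socket_is_trusted(dir, "pipe", geteuid());
    }
    if (fd >= 0) close(fd);
    unlink(sa.sun_path);
    rmdir(dir);
    return (private_ok == 0 && loose_ok == -1) ? 0 : -1;
}
```

A client would call the check with the uid the daemon runs as (0 for a root daemon) immediately before `connect()`.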



