winbindd uid and gid range assumptions

Andrew Bartlett abartlet at
Mon May 13 15:45:03 GMT 2002

Mike Gerdts wrote:
> It seems as though there was an assumption that users of winbindd would
> have switched entirely to NT domain authentication or that they would
> have distinct range of UIDs/GIDs for /etc/passwd (or NIS) and NT domain.

> Is there any good reason to not just let get_id_from_sid() in
> nsswitch/winbindd_idmap.c do all the checking?  It seems as though the
> optimization achieved by the multitude of checks is minimal and greatly
> reduces the chances integration possibilities between winbindd and
> traditional unix authentication.

Moving over the socket is a very expencive operation, particularly
compared to a simple if statement.  Also, where we know that a uid is
local, we need to check with code that winbind isn't linked to - the
passdb backend.

But yes, we need to deal with things like getting the uid from the SFU
LDAP schema, so this may well change in the future. 

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list