winbind proxy only mode?

Andrew Bartlett abartlet at samba.org
Mon Jun 28 22:37:56 GMT 2004


On Tue, 2004-06-29 at 02:42, Volker.Lendecke at SerNet.DE wrote:
> Hi!
> 
> Besides doing idmap stuff winbind in Samba 3 has the very nice feature of
> speeding up the authentication against a DC a lot. It does so by caching an
> authenticated connection to the NETLOGON pipe of the DC right up to the
> SamLogon call. winbind offers the service to use this connection to the smbd's
> which don't have to find and connect to the DCs on their own. 
> 
> A little thing that has always annoyed me is the fact that winbind can not be
> run without the 'idmap [ug]id' parameters correctly set even if libnss_winbind
> is not used. The attached patch lets winbind start even if none of these
> parameters is set. Naturally, no id mapping can take place without them. This
> enables winbind to run in a netlogon proxy only mode.

I strongly agree.  Having to configure IDMAP for a Squid/NTLM
installation (the other type of proxy ;-) is silly.

Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040629/730228c3/attachment.bin


More information about the samba-technical mailing list