samba pipe?

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Feb 17 08:54:08 GMT 2005

On Thu, Feb 17, 2005 at 08:03:07AM +1100, Andrew Bartlett wrote:
> I'm certainly not happy with an NTLM bind, mostly because we can't
> handle the trusted domain case for:
> Samba Server -> Windows Doamin (primary)
>              -> Samba domain (trusted)

The primary goal for this is definitely samba as our primary domain. If it is
not, winbind would use the normal idmap backend parameter. If it is 'idmap
backend = rpc:user at host' then something like smbpasswd -w might provide the
appropriate password.

> It also just does not match windows behaviour.

The unixinfo pipe does not match windows behaviour at all I think.

> For our primary domain, then a schannel bind is appropriate.  For
> trusted domains, this is harder to get right.

I've always wanted to have --set-auth-user a per-domain parameter. But anyway
this can only help you for the template homedir/shell stuff in case of trusted
domains. For the idmap you need a single source anyway, and this can be
provided by the idmap backend parameter.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list