IMHO: Winbind in Samba4 (Was: winbind in samba4?)

Simo Sorce idra at
Fri Jan 7 10:51:26 GMT 2005

On Fri, 2005-01-07 at 11:43 +0100, Gémes Géza wrote:
> I think, that winbind in Samba4 is not as important, as it was in 
> Samba3, this are the points on which I base my opinion:
> -Samba4 is/will be implementing the AD server code
> -Samba4 will implement in the LDAP server also posix attributes
> -Samba4 is/will be working together with the Heimdal Kerberos implemetation
> -Posix users/application can authenticate, get account, and 
> authorization information from Heimdal+Samba4 LDAP Server
> -Samba3 has an acceptable winbind solution for the short term
> -Winbind would be needed just in case, when there are no Samba4 AD 
> servers at all.
> So IMHO winbind is a nice thing, but not very urgent in the Samba4 
> development.

Winbindd does a couple of things that we need to preserve.
It is used as a central point of authentication towards foreign domains
or the domain controller (it's not really possible to drain down a DC
resources by opening a connection for each user).

Winbindd does provide a way to present nested groups to the unix system
that's not possible with nss_ldap in it's current shape.

> I think the most urgent things are:
> -Samba4 LDAP Server

We're working on it.

> -DRSUAPI replication

Metze is doing very nice progress on that afaik

> -LDB rewriting (with the new talloc code)


> -Heimdal integration (read-write ldb backend, more PAC testing)

Abartlet seem to be working on this nicely.



More information about the samba-technical mailing list