IMHO: Winbind in Samba4 (Was: winbind in samba4?)
idra at samba.org
Fri Jan 7 10:51:26 GMT 2005
On Fri, 2005-01-07 at 11:43 +0100, Gémes Géza wrote:
> I think, that winbind in Samba4 is not as important, as it was in
> Samba3, this are the points on which I base my opinion:
> -Samba4 is/will be implementing the AD server code
> -Samba4 will implement in the LDAP server also posix attributes
> -Samba4 is/will be working together with the Heimdal Kerberos implemetation
> -Posix users/application can authenticate, get account, and
> authorization information from Heimdal+Samba4 LDAP Server
> -Samba3 has an acceptable winbind solution for the short term
> -Winbind would be needed just in case, when there are no Samba4 AD
> servers at all.
> So IMHO winbind is a nice thing, but not very urgent in the Samba4
Winbindd does a couple of things that we need to preserve.
It is used as a central point of authentication towards foreign domains
or the domain controller (it's not really possible to drain down a DC
resources by opening a connection for each user).
Winbindd does provide a way to present nested groups to the unix system
that's not possible with nss_ldap in it's current shape.
> I think the most urgent things are:
> -Samba4 LDAP Server
We're working on it.
> -DRSUAPI replication
Metze is doing very nice progress on that afaik
> -LDB rewriting (with the new talloc code)
> -Heimdal integration (read-write ldb backend, more PAC testing)
Abartlet seem to be working on this nicely.
More information about the samba-technical