IMHO: Winbind in Samba4
Gémes Géza
geza at kzsdabas.sulinet.hu
Sat Jan 8 15:22:26 GMT 2005
>
> | -Samba4 will implement in the LDAP server also posix attributes
>
> BTW: who has said that?
>
> | -Samba4 is/will be working together with the Heimdal Kerberos
> implemetation
> | -Posix users/application can authenticate, get account, and
> | authorization information from Heimdal+Samba4 LDAP Server
> | -Samba3 has an acceptable winbind solution for the short term
> | -Winbind would be needed just in case, when there are no Samba4 AD
> | servers at all.
> | So IMHO winbind is a nice thing, but not very urgent in the Samba4
> | development.
>
> I think winbind is very important for samba4 because it will be act as
> proxy for
> rpc communication with trusted domains dc's
>
> and for a member server/workstation the primary domain is also just a
> simple trusted domain
>
>
>
>Winbindd does a couple of things that we need to preserve.
>It is used as a central point of authentication towards foreign domains
>or the domain controller (it's not really possible to drain down a DC
>resources by opening a connection for each user).
>
>Winbindd does provide a way to present nested groups to the unix system
>that's not possible with nss_ldap in it's current shape.
>
>
>
>
>
If I'm not wrong you suggest that Samba4 ADS will implement the posix
account stuff through winbind?
Something like in the attached ASCII graphic?
If it would be like in that graph, we would need an idmap backend,
preferably a distributed one (Samba4 LDAP server perhaps ;-) ). Having
that winbind backend, wouldn't be nice to be able to specify some posix
atributes there (Remember Samba2's LDAP schema had lot less attributes
in LDAP, than Samba3's, so it seems, that the trend is to allow more
customization). Having posix attributes in Samba4's LDAP schema the only
reason (in my opinion at least) are nested groups.
Cheers,
Geza
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Samba4_Winbind.txt
Type: application/unknown
Size: 1198 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050108/547e59b0/Samba4_Winbind.bin
More information about the samba-technical
mailing list