IMHO: Winbind in Samba4

Gémes Géza geza at
Sat Jan 8 15:22:26 GMT 2005

> | -Samba4 will implement in the LDAP server also posix attributes
> BTW: who has said that?
> | -Samba4 is/will be working together with the Heimdal Kerberos 
> implemetation
> | -Posix users/application can authenticate, get account, and
> | authorization information from Heimdal+Samba4 LDAP Server
> | -Samba3 has an acceptable winbind solution for the short term
> | -Winbind would be needed just in case, when there are no Samba4 AD
> | servers at all.
> | So IMHO winbind is a nice thing, but not very urgent in the Samba4
> | development.
> I think winbind is very important for samba4 because it will be act as 
> proxy for
> rpc communication with trusted domains dc's
> and for a member server/workstation the primary domain is also just a 
> simple trusted domain
>Winbindd does a couple of things that we need to preserve.
>It is used as a central point of authentication towards foreign domains
>or the domain controller (it's not really possible to drain down a DC
>resources by opening a connection for each user).
>Winbindd does provide a way to present nested groups to the unix system
>that's not possible with nss_ldap in it's current shape.
If I'm not wrong you suggest that Samba4 ADS will implement the posix 
account stuff through winbind?
Something like in the attached ASCII graphic?
If it would be like in that graph, we would need an idmap backend, 
preferably a distributed one (Samba4 LDAP server perhaps ;-) ). Having 
that winbind backend, wouldn't be nice to be able to specify some posix 
atributes there (Remember Samba2's LDAP schema had lot less attributes 
in LDAP, than Samba3's, so it seems, that the trend is to allow more 
customization). Having posix attributes in Samba4's LDAP schema the only 
reason (in my opinion at least) are nested groups.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: Samba4_Winbind.txt
Type: application/unknown
Size: 1198 bytes
Desc: not available
Url :

More information about the samba-technical mailing list