IMHO: Winbind in Samba4

Simo Sorce idra at samba.org
Sun Jan 9 00:31:18 GMT 2005


On Sat, 2005-01-08 at 16:22 +0100, Gémes Géza wrote:
> If I'm not wrong you suggest that Samba4 ADS will implement the posix 
> account stuff through winbind?
> Something like in the attached ASCII graphic?

Even better, in some situations (e.g. NAS boxes) Samba4 will not even need
to ask the system for users, as it will know it is the primary source for
user accounts, so you will not need to do the round-trip. In other
systems you will probably only need to check unix accounts for some
users; in others /etc/passwd will be the master.

> If it would be like in that graph, we would need an idmap backend, 
> preferably a distributed one (Samba4 LDAP server perhaps ;-) ).

Well yes, we will have some sort of idmap; under Linux it will probably
be at the kernel level through our LSM module or tied to it very
closely.

>  Having 
> that winbind backend, wouldn't it be nice to be able to specify some posix 
> attributes there (Remember Samba2's LDAP schema had lot less attributes 
> in LDAP, than Samba3's, so it seems, that the trend is to allow more 
> customization). Having posix attributes in Samba4's LDAP schema the only 
> reason (in my opinion at least) are nested groups.

You can customize your LDAP tree the way you want, you just need to add a
schema, but I'm not sure samba4 will manipulate POSIX attributes by
default.

Simo.

-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

