IMHO: Winbind in Samba4
geza at kzsdabas.sulinet.hu
Sun Jan 9 12:23:03 GMT 2005
Richard Sharpe wrote:
>On Sun, 9 Jan 2005, Simo Sorce wrote:
>>>>|>>Well, some NAS boxes will be like that. Probably the smaller stand-alone
>>>>|>>NAS boxes. However, larger NAS boxes are most likely to be a member
>>>>|>Same thing, the NAS box will have a local SAM anyway, and may well
>>>>|>consider its SAM + the DC SAM to be authoritative, and never require you
>>>>|>to do the round-trip, but go directly to ask winbindd.
>>>>| Ummm, we do not want a local SAM. All account and group information should
>>>>| be in LDAP or NIS and the PDC's SAM.
>>>>then just don't use it, there'll be only the builtin aliases and the local administrator
>>>>and guest (disabled) by default.
>>>>(just like a just installed windows member server)
>>>Sure, I was just pointing out to Simo that there are many ways that people
>>>want to use these things.
>>I know, people generally do not want to manage users on a NAS box, but
>>NASes are just one of the targets of samba4.
>>We need to be as compatible as we can, so we will implement all that is
>>necessary and probably something more :-)
>Ahhh, so we are in violent agreement then :-)
>Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
This is how I could imagine the Samba4 Winbind and *nix OS interaction
(see attached ASCII graphic)
With storing posix attributes in Samba4's LDAP server, winbind's job is
just to retrieve them, much like the nss_ldap does, the only difference
being in doing a recursive search for group membership.
Maybe better to get a ticket on behalf of the user, and lookup the SIDs
obtained from the PAC, to get the uid and gids, and corresponding posix
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1202 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050109/5c66984c/Samba4_Winbind_Posix_apps.bin
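
The recursive group-membership lookup described in the message above, sketched as an added example that is not part of the original post and is not Samba code. The directory contents, the DNs, the `max_groups` limit and the choice of `uidNumber`, `gidNumber` and `memberOf` as attribute names are assumptions made for illustration.

```python
# Constructed sample directory (not from the post): DN -> attributes.
# "memberOf" lists the groups an entry belongs to directly; groups may nest.
DIRECTORY = {
    "cn=alice,ou=users": {
        "uidNumber": 10001,
        "memberOf": ["cn=staff,ou=groups", "cn=mailonly,ou=groups"],
    },
    "cn=staff,ou=groups": {"gidNumber": 20001, "memberOf": ["cn=all,ou=groups"]},
    # Membership cycle: "all" points back at "staff".
    "cn=all,ou=groups": {"gidNumber": 20002, "memberOf": ["cn=staff,ou=groups"]},
    # Group without POSIX attributes that still nests into a POSIX group.
    "cn=mailonly,ou=groups": {"memberOf": ["cn=archive,ou=groups"]},
    "cn=archive,ou=groups": {"gidNumber": 20003, "memberOf": ["cn=gone,ou=groups"]},
}


def resolve_posix_ids(user_dn, directory, max_groups=1024):
    """Return (uid, sorted gids) for user_dn, following nested groups."""
    user = directory.get(user_dn)
    if user is None or "uidNumber" not in user:
        raise LookupError(f"no POSIX account for {user_dn!r}")
    seen = set()   # groups already expanded; this is what stops cycles
    gids = set()
    pending = list(user.get("memberOf", []))
    while pending:
        dn = pending.pop()
        if dn in seen:
            continue
        seen.add(dn)
        if len(seen) > max_groups:
            # Bound the work a hostile or broken directory can cause.
            raise RuntimeError("group nesting exceeds limit")
        group = directory.get(dn)
        if group is None:
            continue  # dangling reference: grants nothing
        if "gidNumber" in group:
            gids.add(group["gidNumber"])
        # Keep walking even through groups that have no gid of their own.
        pending.extend(group.get("memberOf", []))
    return user["uidNumber"], sorted(gids)


if __name__ == "__main__":
    print(resolve_posix_ids("cn=alice,ou=users", DIRECTORY))
```
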