IMHO: Winbind in Samba4

Gémes Géza geza at kzsdabas.sulinet.hu
Sun Jan 9 12:23:03 GMT 2005 

Richard Sharpe írta:

>On Sun, 9 Jan 2005, Simo Sorce wrote:
>
>  
>
>>>>|>>
>>>>|>>Well, some NAS boxes will be like that. Probably the smaller stand-alone
>>>>|>>NAS boxes. However, larger NAS boxes are most likely to be a member
>>>>|>>server.
>>>>|>
>>>>|>Same thing, the NAS box will have a local SAM anyway, and may well
>>>>|>consider its SAM + the DC SAM to be authoritative, and never require you
>>>>|>to do the round-trip, but go directly to ask winbindd.
>>>>|
>>>>|
>>>>| Ummm, we do not want a local SAM. All account and group information should
>>>>| be in LDAP or NIS and the PDC's SAM.
>>>>
>>>>then just don't use it, there'll be only the builtin aliases and the local administrator
>>>>and guest (disabled) by default.
>>>>(just like a just installed windows member server)
>>>>        
>>>>
>>>Sure, I was just pointing out to Simo that there are many ways that people
>>>want to use these things.
>>>      
>>>
>>I know, people generally do not want to manage users on a NAS box, but
>>NASes are just one of the targets of samba4.
>>We need to be as compatible as we can, so we will implement all it is
>>necessary and probably something more :-)
>>    
>>
>
>Ahhh, so we are in violent agreement then :-)
>
>Regards
>-----
>Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
>sharpe[at]ethereal.com, http://www.richardsharpe.com
>
>  
>
This is how I could imagine the Samba4 Winbind and *nix OS interaction 
(see attached ASCII graphic)
With storing posix attributes in Samba4's LDAP server winbinds job is 
just to retrive them, much like the nss_ldap does, the only difference 
beeing in doing a recursive search for group membership.
Maybe better to get a ticket on behalf of the user, and lookup the SIDs 
obtained from the PAC, to get the uid and gids, and coresponding posix 
attributes.


Cheers

Geza
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Samba4_Winbind_Posix_apps.txt
Type: application/unknown
Size: 1202 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050109/5c66984c/Samba4_Winbind_Posix_apps.bin

More information about the samba-technical mailing list