IMHO: Winbind in Samba4

Gémes Géza geza at
Sun Jan 9 12:23:03 GMT 2005

Richard Sharpe wrote:

>On Sun, 9 Jan 2005, Simo Sorce wrote:
>>>>|>>Well, some NAS boxes will be like that. Probably the smaller stand-alone
>>>>|>>NAS boxes. However, larger NAS boxes are most likely to be a member
>>>>|>Same thing, the NAS box will have a local SAM anyway, and may well
>>>>|>consider its SAM + the DC SAM to be authoritative, and never require you
>>>>|>to do the round-trip, but go directly to ask winbindd.
>>>>| Ummm, we do not want a local SAM. All account and group information should
>>>>| be in LDAP or NIS and the PDC's SAM.
>>>>then just don't use it, there'll be only the builtin aliases and the local administrator
>>>>and guest (disabled) by default.
>>>>(just like a just installed windows member server)
>>>Sure, I was just pointing out to Simo that there are many ways that people
>>>want to use these things.
>>I know, people generally do not want to manage users on a NAS box, but
>>NASes are just one of the targets of samba4.
>>We need to be as compatible as we can, so we will implement all it is
>>necessary and probably something more :-)
>Ahhh, so we are in violent agreement then :-)
>Richard Sharpe, rsharpe[at], rsharpe[at],
This is how I could imagine the Samba4 Winbind and *nix OS interaction
(see attached ASCII graphic)
With storing posix attributes in Samba4's LDAP server winbind's job is
just to retrieve them, much like the nss_ldap does, the only difference
being in doing a recursive search for group membership.
Maybe better to get a ticket on behalf of the user, and lookup the SIDs
obtained from the PAC, to get the uid and gids, and corresponding posix


-------------- next part --------------
A non-text attachment was scrubbed...
Name: Samba4_Winbind_Posix_apps.txt
Type: application/unknown
Size: 1202 bytes
Desc: not available
Url :
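
The recursive group-membership lookup mentioned in the message above, sketched as an added example that is not part of the original post or of Samba's code. The directory contents, DNs, ID numbers and the function name `resolve_posix_ids` are constructed assumptions; only the attribute names (`uidNumber`, `gidNumber`, `memberOf`) are standard.

```python
from collections import deque

# Constructed sample directory (DN -> attributes); every entry is made up.
DIRECTORY = {
    "cn=alice,cn=users,dc=example,dc=test": {
        "uidNumber": 10001, "gidNumber": 20000,
        "memberOf": ["cn=storage-admins,cn=groups,dc=example,dc=test"]},
    "cn=storage-admins,cn=groups,dc=example,dc=test": {
        "gidNumber": 20010,
        "memberOf": ["cn=it-staff,cn=groups,dc=example,dc=test"]},
    "cn=it-staff,cn=groups,dc=example,dc=test": {
        # No gidNumber: invisible to POSIX, but its parent groups still count.
        # The second memberOf value deliberately forms a membership cycle.
        "memberOf": ["cn=all-staff,cn=groups,dc=example,dc=test",
                     "cn=storage-admins,cn=groups,dc=example,dc=test"]},
    "cn=all-staff,cn=groups,dc=example,dc=test": {
        "gidNumber": 20030, "memberOf": []},
}


def resolve_posix_ids(directory, user_dn, max_groups=1024):
    """Return (uid, primary_gid, sorted supplementary gids) for user_dn."""
    user = directory[user_dn]
    if "uidNumber" not in user or "gidNumber" not in user:
        # Fail closed: never guess an ID for an account without POSIX data.
        raise LookupError("no POSIX attributes stored for " + user_dn)
    seen, gids = set(), set()
    queue = deque(user.get("memberOf", []))
    while queue:
        dn = queue.popleft()
        if dn in seen:
            continue  # already expanded; this is what breaks cycles
        seen.add(dn)
        if len(seen) > max_groups:
            raise RuntimeError("group expansion limit exceeded")
        group = directory.get(dn)
        if group is None:
            continue  # dangling memberOf reference grants nothing
        if "gidNumber" in group:
            gids.add(group["gidNumber"])
        queue.extend(group.get("memberOf", []))
    gids.discard(user["gidNumber"])  # primary gid is reported separately
    return user["uidNumber"], user["gidNumber"], sorted(gids)
```

The visited set and the expansion cap matter because nested memberships decide the gids a process receives, so a cyclic or very deep group graph must not hang the lookup or silently truncate the result.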
