buc at odusz.so-cdu.ru
Thu Oct 12 15:21:31 GMT 2006
Dmitry Butskoy wrote:
>> Hardcoding that is deliberate. If you do a
>> getent passwd <username>
>> which winbind should that command connect to?
> Use an option for pam_winbind, i.e.:
> "auth required pam_winbind.so config=/etc/another_conf
> try_first_pass " ...
Oops. Understand just now. Getent uses /etc/nsswitch.conf .
>> Winbind _is_
>> a global resource,
Yep, in the context of NSS it seems to be global.
But note, that not all the users use "winbind" for NSS. Actually, we use
pam_ldap/nss_ldap for it, and "winbind trusted domains only = yes". I
hope it explains why it is applicable in our case.
By the way, the "winbind trusted domains only" option works just
partially since 3.0.23 (see bug #4075).
I feel that you guys just have forgotten that Samba could work not like
AD slave only :) . It also works fine in the mixed UNIX/Windows
environment, where UNIX (Linux) dominates... :)
More information about the samba-technical