Dmitry Butskoy buc at
Thu Oct 12 15:21:31 GMT 2006

Dmitry Butskoy wrote:

>> Hardcoding that is deliberate. If you do a
>> getent passwd <username>
>> which winbind should that command connect to?
> Use an option for pam_winbind, i.e.:
> "auth   required  config=/etc/another_conf   
> try_first_pass " ...

Oops. I understand just now. Getent uses /etc/nsswitch.conf.

>> Winbind _is_
>> a global resource,
Yep, in the context of NSS it seems to be global.

But note that not all users use "winbind" for NSS. Actually, we use 
pam_ldap/nss_ldap for it, and "winbind trusted domains only = yes". I 
hope it explains why it is applicable in our case.

By the way, the "winbind trusted domains only" option works only 
partially since 3.0.23 (see bug #4075).
I feel that you guys have just forgotten that Samba can work not only as 
an AD slave :) . It also works fine in a mixed UNIX/Windows 
environment, where UNIX (Linux) dominates... :)

