buc at odusz.so-cdu.ru
Thu Oct 12 15:55:17 GMT 2006
Volker Lendecke wrote:
>Hardcoding that is deliberate. If you do a
>getent passwd <username>
>which winbind should that command connect to? Winbind _is_
>a global resource
Surely winbind is a global resource, but when winbind's NSS/PAM is used
There are useful cases, where winbind is in use, but not for NSS/PAM.
See "winbind trusted domains only" option.
This option handles a case where uid/gid are obtained by another NSS
method (NIS+, LDAP etc.). Winbind's NSS is not used here at all, but
winbindd daemon itself is needed to provide correct "mapping" between
UNIX uid/gid and Samba sid .
In our specific case we need TWO such winbind (yet again, not for NSS),
for correct mapping in each of both domain used.
IMO the option like "winbind socket" is applicable (with all the needed
warnings in docs about NSS case).
Say again: When NSS-winbind is not used, the server can be in several
domains simultaneously! It could be very useful for users in UNIX-based
More information about the samba-technical