Dmitry Butskoy buc at
Thu Oct 12 15:55:17 GMT 2006

Volker Lendecke wrote:

>Hardcoding that is deliberate. If you do a 
>getent passwd <username>
>which winbind should that command connect to? Winbind _is_
>a global resource
More clean:

Surely winbind is a global resource, but when winbind's NSS/PAM is used 

There are useful cases, where winbind is in use, but not for NSS/PAM. 
See "winbind trusted domains only" option.
This option handles a case where uid/gid are obtained by another NSS 
method (NIS+, LDAP etc.). Winbind's NSS is not used here at all, but 
winbindd daemon itself is needed to provide correct "mapping" between 
UNIX uid/gid and Samba sid .

In our specific case we need TWO such winbind (yet again, not for NSS), 
for correct mapping in each of both domain used.

IMO the option like "winbind socket" is applicable (with all the needed 
warnings in docs about NSS case).

Say again: When NSS-winbind is not used, the server can be in several 
domains simultaneously! It could be very useful for users in UNIX-based 


More information about the samba-technical mailing list