a way to disable ADS in winbind in samba3

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon May 28 13:30:40 GMT 2007


On Mon, May 28, 2007 at 08:16:54AM -0500, Gerald (Jerry) Carter wrote:
> I'm strongly opposed to either change.  Mainly because
> we are simply shifting the responsibility of who is
> supposed to know what they are doing.  The original
> intent of forcing winbindd to use the winbindd_ads
> methods if possible was that the the solely rpc
> methods would not always retrieve the data in a consistent
> manner.

Are you referring to more than the primary group id thing?
That is the only one I know about.

> Perhaps if someone gave an example of how the AD install
> was not working it would help to win me over.

I think this particular one is missing DNS on the DCs, I
myself have not seen that. This is the cluster that Tridge
is testing on. I myself have several applications where I
want winbind to authenticate for squid in a DMZ, and I only
want it to do the NTLM auth proxy. Nothing else. And for
security reasons the connection between the DMZ and any DC
should be shut down as much as possible. I know, 445 is
pretty bad, but it's better than everything necessary for
AD.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070528/0131cf19/attachment.bin


More information about the samba-technical mailing list