a way to disable ADS in winbind in samba3

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon May 28 15:37:35 GMT 2007


On Mon, May 28, 2007 at 10:14:43AM -0500, Gerald (Jerry) Carter wrote:
> The reason why I'm opposed to reverting the "use winbindd_ads
> whenever possible" is that if penalizes everyone who uses
> Samba for the benefit of a few broken installations.
> I'm a little surprised since you have been the main proponent
> of getting rid of any distinction between security ads and
> security = domain.

You're right, I would really like to get rid of that
distinction.

Please excuse my comments here, I haven't been in winbind
for ages, so it is really not up to me to propose anything,
but I would attack that in a different way: I find the
different flags in the winbindd_domain structure a bit
confusing, I would much rather like to see a feature-based
set of flags like "Should we enumerate domain local groups"
an so on. The current way from my point of view obscures the
fact what policy decisions are taken based on the different
flags.

On the other hand, I would really like to give the admin the
option to fully go without Kerberos and LDAP in winbind. I
know, you can always compile Samba without LDAP, but I would
prefer a runtime option here.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070528/985147db/attachment.bin


More information about the samba-technical mailing list