simo idra at
Sat Aug 9 00:25:15 GMT 2008

On Sat, 2008-08-09 at 00:56 +0200, Volker Lendecke wrote:
> On Fri, Aug 08, 2008 at 03:06:22PM -0400, simo wrote:
> > I think the problem here is that tdb will still be the default.
> > Ie it will happily allocate for foreign domains unless there is an
> > explicit configuration for them.
> Yes, and that is deliberate.
> We could implement something like "winbind ignore domains"
> the opposite of that, but with that winbind would not accept
> anything at all for the filtered domains, not only idmap
> requests would be dropped. From my point of view it does
> not make sense to allow one kind of request (i.e. for
> example PAM auth) but not others (i.e. sid2uid).

It does, for example right now ntlm_auth could care less about idmapping
and it should stay that way.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Senior Software Engineer at Red Hat Inc. <ssorce at>

More information about the samba-technical mailing list