winbindd, samba DC, and trusts

simo idra at
Mon Jan 28 20:44:04 GMT 2008

On Mon, 2008-01-28 at 21:04 +0100, Volker Lendecke wrote:
> On Mon, Jan 28, 2008 at 01:38:33PM -0500, simo wrote:
> > Another solution may be to put a signature of some kind in the cifs
> > session setup so that smbd can set the winbindd environment safeguard
> > and not loop. But Jerry tells me that this has been proposed and refused
> > before.
> > 
> > Ideas on how to better solve this are welcome (possibly without
> > requiring gargantuan patches as I'd like to fix this for 3.0.x which is
> > in maintenance mode).
> Wild idea: If winbind figures out it will talk to its own
> smbd, can't you use the LIBSMB_PROG and WINBINDD_OFF
> environment variables and fork smbd locally on a socketpair
> in inetd mode?

This may be tempting, but I wonder if this wouldn't make it a bit fuzzy
for admins that changes command line options in init scripts and such,
esp, for the conf file location.

What do others think ?

Would it be bad to make smbd listen on a pipe as well, and let the pipe
be used only by winbindd ?
That entry point would make it pretty clear this is winbindd speaking
locally and smbd can set WINBINDD_OFF itself in that case.

We might even skip auth in this case and speed up the connection a bit.
Not sure how much this would impact smbd though.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Senior Software Engineer at Red Hat Inc. <ssorce at>

More information about the samba-technical mailing list