winbindd, samba DC, and trusts

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jan 29 08:18:37 GMT 2008

On Mon, Jan 28, 2008 at 03:44:04PM -0500, simo wrote:
> This may be tempting, but I wonder if this wouldn't make it a bit fuzzy
> for admins that changes command line options in init scripts and such,
> esp, for the conf file location.

Putting the whole command line of smbd might be possible.

> Would it be bad to make smbd listen on a pipe as well, and let the pipe
> be used only by winbindd ?
> That entry point would make it pretty clear this is winbindd speaking
> locally and smbd can set WINBINDD_OFF itself in that case.

Hmmm. Not sure I like this idea.

> We might even skip auth in this case and speed up the connection a bit.
> Not sure how much this would impact smbd though.

I could imagine a command line switch that maps anonymous
session setup to builtin\administrator *ONLY* in the case
when smbd is forked off a local process, so that normal file
system permissions work. I would not like the idea to have
the main daemon such an option. What happens if we get that
wrong somehow for a daemon that listens on network ports?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list