Winbind - functionality extension needed
Gerald Carter
jerry at plainjoe.org
Wed Jul 8 15:01:28 GMT 2009
Ondrej Valousek wrote:
> Hi all,
>
> I would like to ask if it would be possible to extend the functionality
> of the winbind and nss_winbind.so to cover other system databases (not
> only passwd and group).
...
> The immediate answer is, that nss_ldap (from PADL software) does
> this - but unfortunately not effectively. Why?
> 1. nss_ldap does no caching (no daemon running)
Not entirely true. There several options like nss-ldapd, the similar
overlay in slapd, nscd, etc....
> 2. By default, you need to authenticate to AD in order to access it via
> LDAP. That leaves us 2 options:
> a) Allows anonymous access to AD
> b) configure something like "proxy" user to access AD
Or use nscd with the system keytab and GSSAPI. You could use
Samba to manage the system keytab file.
cheers, jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090708/5f5d11d8/signature.bin
More information about the samba-technical
mailing list