Winbind - functionality extension needed

Gerald Carter jerry at
Wed Jul 8 15:01:28 GMT 2009

Ondrej Valousek wrote:
> Hi all,
> I would like to ask if it would be possible to extend the functionality
> of the winbind and to cover other system databases (not
> only passwd and group).
> The immediate answer is, that nss_ldap (from PADL software) does 
> this - but unfortunately not effectively. Why?
> 1. nss_ldap does no caching (no daemon running)

Not entirely true.  There several options like nss-ldapd, the similar
overlay in slapd, nscd, etc....

> 2. By default, you need to authenticate to AD in order to access it via
> LDAP. That leaves us 2 options:
> a) Allows anonymous access to AD
> b) configure something like "proxy" user to access AD

Or use nscd with the system keytab and GSSAPI.  You could use
Samba to manage the system keytab file.

cheers, jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url :

More information about the samba-technical mailing list