Winbind - functionality extension needed

Gerald Carter jerry at plainjoe.org
Wed Jul 8 15:01:28 GMT 2009


Ondrej Valousek wrote:
> Hi all,
> 
> I would like to ask if it would be possible to extend the functionality
> of the winbind and nss_winbind.so to cover other system databases (not
> only passwd and group).
...
> The immediate answer is, that nss_ldap (from PADL software) does 
> this - but unfortunately not effectively. Why?
> 1. nss_ldap does no caching (no daemon running)

Not entirely true.  There several options like nss-ldapd, the similar
overlay in slapd, nscd, etc....

> 2. By default, you need to authenticate to AD in order to access it via
> LDAP. That leaves us 2 options:
> a) Allows anonymous access to AD
> b) configure something like "proxy" user to access AD

Or use nscd with the system keytab and GSSAPI.  You could use
Samba to manage the system keytab file.





cheers, jerry


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090708/5f5d11d8/signature.bin


More information about the samba-technical mailing list