Winbind - functionality extension needed

Ondrej Valousek webserv at
Thu Jul 9 14:10:30 GMT 2009

> No.   nscd also solves the problem of calling into nss_ldap
> in the user context (i.e. permissions on the system keytab).
Wow! You are right. BUT: nscd runs under "nscd" user account (not 
speaking about the SELinux policy) so even nss_ldap would be called in 
"nscd" user context. And besides, nss_ldap can not directly use the 
system Kerberos keytab file. So nscd does not help me either.
> I'm just offering suggestions.  Having winbindd deal with
> other NIS maps seems a bit out of mainstream IMO.  But it's not
> really my call.
I agree, having nss_ldapd would be the best solution, indeed.

More information about the samba-technical mailing list