Winbind - functionality
Ondrej Valousek
webserv at s3group.cz
Wed Jul 22 03:05:45 MDT 2009
> If the problem was so easy that a simple nss_ldap invocation handled it
> properly, we would not have 'wasted' so much time on winbind. It was
> developed for a very real reason.
>
I agree with Andrew here - nss-ldap is a piece of crap for 2 reasons:
- the whole ldap library is loaded with every NSS library call
- no caching
- called in the user context, so can not use machine credentials to
access AD
- extra configuration needed
All these problems are hopefully to be solved with the upcoming
nss-ldapd but it is not stable enough yet. So I vote for winbind, too.
The only problem with winbind is (as I already mentioned) limited system
databases support (to passwd and group)...
More information about the samba-technical
mailing list