Winbind - functionality

Ondrej Valousek webserv at
Wed Jul 22 03:05:45 MDT 2009

> If the problem was so easy that a simple nss_ldap invocation handled it
> properly, we would not have 'wasted' so much time on winbind.  It was
> developed for a very real reason.
I agree with Andrew here - nss-ldap is a piece of crap for 2 reasons:
- the whole ldap library is loaded with every NSS library call
- no caching
- called in the user context, so can not use machine credentials to 
access AD
- extra configuration needed

All these problems are hopefully to be solved with the upcoming 
nss-ldapd but it is not stable enough yet. So I vote for winbind, too.
The only problem with winbind is (as I already mentioned) limited system 
databases support (to passwd and group)...

More information about the samba-technical mailing list