Consider adding --with-winbindd-socket-dir

Andrew Bartlett abartlet at
Mon Oct 1 15:24:26 MDT 2012

On Mon, 2012-10-01 at 13:06 +0300, Alexander Bokovoy wrote:
> On Mon, Oct 1, 2012 at 12:58 PM, Andrew Bartlett <abartlet at> wrote:
> > On Mon, 2012-10-01 at 12:49 +0300, Alexander Bokovoy wrote:
> >> Hi,
> >>
> >> there seem to be disparity in defining where winbindd socket directory
> >> should be in git master. In dynconfig/wscript we define
> >> --with-sockets-dir that is used directly for smbd and derive
> >> winbindd's socket directory out of it as ${SOCKET_DIR}/winbindd. If
> >> one uses --with-sockets-dir=/var/run/samba, for example, then
> >> winbindd's socket directory will be /var/run/samba/winbind.
> >>
> >> This is all fine unless you are dealing with co-install of samba 3.6
> >> and samba 4.x on the same machine. We have such setup in RHEL6 for
> >> maintenance reasons and building libwbclient only in samba 3.6 build,
> >> since this is the same library in both samba 3.6 and 4.x cases. Samba
> >> 3.6 in RHEL6 is built with --with-sockets-dir=/var/run, for various
> >> historical reasons.
> >
> > I'm a little confused.  Except as a build dep, what is the runtime use
> > of the private libwbclient from master in your configuration?
> >
> > That is, why does this matter?  (I didn't think you were packaging the
> > server-side components)
> There two things here.
> One can be ignored as I completely forgot that libwbclient from 3.6
> cannot work against winbindd from 4.0 due to protocol difference. So
> the patch is moot.

That's what I thought, thanks for getting back to me. 

> Another is for what I need to use libwbclient from samba 4.0. Note
> that I'm talking about nsswitch/libwbclient, not source4/ code.
> I'm currently working on a python bindings for libwbclient, These
> bindings will be needed for allowing FreeIPA to resolve user/group
> names from trusted domains to SIDs before storing SIDs as part of
> manual group mapping. Since schannel is in use by winbindd already for
> trusted domains case, Guenther explained to me it will be problematic
> for two schannel connections from the same host to coexist without
> getting Windows confused (winbindd one and the one FreeIPA python code
> would otherwise create using samba python bindings). So I need to talk
> to the winbindd running on the host from Python code.

Correct, you will need to talk to winbindd to do this safely. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list