Consider adding --with-winbindd-socket-dir

Andrew Bartlett abartlet at samba.org
Mon Oct 1 15:24:26 MDT 2012 

On Mon, 2012-10-01 at 13:06 +0300, Alexander Bokovoy wrote:
> On Mon, Oct 1, 2012 at 12:58 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Mon, 2012-10-01 at 12:49 +0300, Alexander Bokovoy wrote:
> >> Hi,
> >>
> >> there seem to be disparity in defining where winbindd socket directory
> >> should be in git master. In dynconfig/wscript we define
> >> --with-sockets-dir that is used directly for smbd and derive
> >> winbindd's socket directory out of it as ${SOCKET_DIR}/winbindd. If
> >> one uses --with-sockets-dir=/var/run/samba, for example, then
> >> winbindd's socket directory will be /var/run/samba/winbind.
> >>
> >> This is all fine unless you are dealing with co-install of samba 3.6
> >> and samba 4.x on the same machine. We have such setup in RHEL6 for
> >> maintenance reasons and building libwbclient only in samba 3.6 build,
> >> since this is the same library in both samba 3.6 and 4.x cases. Samba
> >> 3.6 in RHEL6 is built with --with-sockets-dir=/var/run, for various
> >> historical reasons.
> >
> > I'm a little confused.  Except as a build dep, what is the runtime use
> > of the private libwbclient from master in your configuration?
> >
> > That is, why does this matter?  (I didn't think you were packaging the
> > server-side components)
> There two things here.
> 
> One can be ignored as I completely forgot that libwbclient from 3.6
> cannot work against winbindd from 4.0 due to protocol difference. So
> the patch is moot.

That's what I thought, thanks for getting back to me. 

> Another is for what I need to use libwbclient from samba 4.0. Note
> that I'm talking about nsswitch/libwbclient, not source4/ code.
> 
> I'm currently working on a python bindings for libwbclient, These
> bindings will be needed for allowing FreeIPA to resolve user/group
> names from trusted domains to SIDs before storing SIDs as part of
> manual group mapping. Since schannel is in use by winbindd already for
> trusted domains case, Guenther explained to me it will be problematic
> for two schannel connections from the same host to coexist without
> getting Windows confused (winbindd one and the one FreeIPA python code
> would otherwise create using samba python bindings). So I need to talk
> to the winbindd running on the host from Python code.

Correct, you will need to talk to winbindd to do this safely. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list