Samba 4 and winbind

Alexander Bokovoy ab at
Mon Apr 15 09:17:23 MDT 2013

On Mon, Apr 15, 2013 at 5:41 PM, Rowland Penny <repenny at> wrote:

> On 15/04/13 11:59, Rowland Penny wrote:
>> Hi, does anybody know if there is a way to turn of the winbind part of
>> the samba daemon?
>> Rowland
>>  OK, replying to myself, to turn off winbind add 'server services =
> -winbind' but this did not help with my problem of mounting cifs shares at
> login and then being able to actually write to them. This is using sssd
> pulling all users info from AD.
> What it did do, is to start me thinking (yes I know, probably dangerous
> ;-) ) Samba 4 is supposed to be a clone of a windows server and work in the
> same way, so why does the samba daemon have winbind built into it, windows
> servers aren't like that.
Winbind's role is to translate from Windows Security Identifiers (SIDs) to
POSIX identifiers (UIDs and GIDs). Windows servers don't need to do that
because they don't need UID and GID themselves.

> As far as I know, you can add posix uidNumbers etc to the AD, but windows
> never uses them itself, so shouldn't samba 4 work the same way?  If winbind
> was removed from the samba daemon, you would end up with something that is
> nearer to a windows server and admins could then use the backend of their
> choice to pull the info from the samba 4 AD.

Nothing in POSIX is using SIDs but everything relies on UIDs and GIDs.

/ Alexander Bokovoy

More information about the samba-technical mailing list