Samba 4 and winbind
Alexander Bokovoy
ab at samba.org
Mon Apr 15 09:17:23 MDT 2013
On Mon, Apr 15, 2013 at 5:41 PM, Rowland Penny <repenny at f2s.com> wrote:
> On 15/04/13 11:59, Rowland Penny wrote:
>
>> Hi, does anybody know if there is a way to turn of the winbind part of
>> the samba daemon?
>>
>> Rowland
>>
>>
>> OK, replying to myself, to turn off winbind add 'server services =
> -winbind' but this did not help with my problem of mounting cifs shares at
> login and then being able to actually write to them. This is using sssd
> pulling all users info from AD.
>
> What it did do, is to start me thinking (yes I know, probably dangerous
> ;-) ) Samba 4 is supposed to be a clone of a windows server and work in the
> same way, so why does the samba daemon have winbind built into it, windows
> servers aren't like that.
>
Winbind's role is to translate from Windows Security Identifiers (SIDs) to
POSIX identifiers (UIDs and GIDs). Windows servers don't need to do that
because they don't need UID and GID themselves.
>
> As far as I know, you can add posix uidNumbers etc to the AD, but windows
> never uses them itself, so shouldn't samba 4 work the same way? If winbind
> was removed from the samba daemon, you would end up with something that is
> nearer to a windows server and admins could then use the backend of their
> choice to pull the info from the samba 4 AD.
Nothing in POSIX is using SIDs but everything relies on UIDs and GIDs.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list