Samba 4 and winbind

Rowland Penny repenny at
Mon Apr 15 09:42:50 MDT 2013

On 15/04/13 16:17, Alexander Bokovoy wrote:
> On Mon, Apr 15, 2013 at 5:41 PM, Rowland Penny <repenny at 
> <mailto:repenny at>> wrote:
>     On 15/04/13 11:59, Rowland Penny wrote:
>         Hi, does anybody know if there is a way to turn of the winbind
>         part of the samba daemon?
>         Rowland
>     OK, replying to myself, to turn off winbind add 'server services =
>     -winbind' but this did not help with my problem of mounting cifs
>     shares at login and then being able to actually write to them.
>     This is using sssd pulling all users info from AD.
>     What it did do, is to start me thinking (yes I know, probably
>     dangerous ;-) ) Samba 4 is supposed to be a clone of a windows
>     server and work in the same way, so why does the samba daemon have
>     winbind built into it, windows servers aren't like that.
> Winbind's role is to translate from Windows Security Identifiers 
> (SIDs) to POSIX identifiers (UIDs and GIDs). Windows servers don't 
> need to do that because they don't need UID and GID themselves.

I understand what winbind does, the question I asked is, why is it built 
in to the samba 4 daemon 'samba' when a windows server has nothing like it.

>     As far as I know, you can add posix uidNumbers etc to the AD, but
>     windows never uses them itself, so shouldn't samba 4 work the same
>     way?  If winbind was removed from the samba daemon, you would end
>     up with something that is nearer to a windows server and admins
>     could then use the backend of their choice to pull the info from
>     the samba 4 AD.
> Nothing in POSIX is using SIDs but everything relies on UIDs and GIDs.

Again, this I understand, but if Winbind was a stand alone daemon, like 
it is with S3, then you could choose to use it or not. I actually think 
that if there was a choice then most people would choose not to use 
winbind due to its complexity  and inconsistency.


> -- 
> / Alexander Bokovoy
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <>, and is
> believed to be clean. 

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list