Samba 4 and winbind
Rowland Penny
repenny at f2s.com
Mon Apr 15 09:42:50 MDT 2013
On 15/04/13 16:17, Alexander Bokovoy wrote:
>
> On Mon, Apr 15, 2013 at 5:41 PM, Rowland Penny <repenny at f2s.com
> <mailto:repenny at f2s.com>> wrote:
>
> On 15/04/13 11:59, Rowland Penny wrote:
>
> Hi, does anybody know if there is a way to turn of the winbind
> part of the samba daemon?
>
> Rowland
>
>
> OK, replying to myself, to turn off winbind add 'server services =
> -winbind' but this did not help with my problem of mounting cifs
> shares at login and then being able to actually write to them.
> This is using sssd pulling all users info from AD.
>
> What it did do, is to start me thinking (yes I know, probably
> dangerous ;-) ) Samba 4 is supposed to be a clone of a windows
> server and work in the same way, so why does the samba daemon have
> winbind built into it, windows servers aren't like that.
>
> Winbind's role is to translate from Windows Security Identifiers
> (SIDs) to POSIX identifiers (UIDs and GIDs). Windows servers don't
> need to do that because they don't need UID and GID themselves.
I understand what winbind does, the question I asked is, why is it built
in to the samba 4 daemon 'samba' when a windows server has nothing like it.
>
>
> As far as I know, you can add posix uidNumbers etc to the AD, but
> windows never uses them itself, so shouldn't samba 4 work the same
> way? If winbind was removed from the samba daemon, you would end
> up with something that is nearer to a windows server and admins
> could then use the backend of their choice to pull the info from
> the samba 4 AD.
>
> Nothing in POSIX is using SIDs but everything relies on UIDs and GIDs.
Again, this I understand, but if Winbind was a stand alone daemon, like
it is with S3, then you could choose to use it or not. I actually think
that if there was a choice then most people would choose not to use
winbind due to its complexity and inconsistency.
Rowland
>
> --
> / Alexander Bokovoy
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list