4.2rc2 and winbindd

Michael Adam obnox at samba.org
Mon Oct 20 06:34:48 MDT 2014

Hi Rowland,

On 2014-10-20 at 13:07 +0100, Rowland Penny wrote:
> On 20/10/14 12:44, Michael Adam wrote:
> >Ok. I think the DC-with-winbindd scenario is special here,
> >just need to understand, how so.
> I thought that the whole idea of changing 'winbind' to 'winbindd'
> was to get all the benefits of the established winbind without
> having to do anything special, you are now saying that 'Something
> special' may be required, if this is the case, just what is required
> ????

There are several points for using winbindd.
Here are the two (imho) most important ones:

- Make use of winbindd's ability to speak to other domains
  (the winbind internal samba component can't), hence enabling
  support for trusts!

- Don't maintain two winbind implementations but just one.

That being said, winbindd is avery versatile, flexible tool
that can be configured in various ways. So similar to the
mode of samba starting smbd for file serving, which also
enforces several parameters for the running smbd (which reflects
the special purpose for which smbd is run, namely to serve
SMB in a DC setup), I could imagine that samba enforces
several parameters to reflect the special situation.
That's what I meant with special.
I have not found anything special though with a brief look at
the code.

But that being said, of course things should work in the DC
setup, and you have most certainly found a problem.
Since I did not have the time yet to dig deeper, I don't know
the answer yet. So we'll need to do more testing / digging until
we find it or possibly Andrew can shed some light.

We should have some nss-level test also in our selftest.
(If this is not the case, then it needs to be added...)
The samba-setup for this test (from the selftest provisioning
code) would tell us how to proceed.
(Just trying to give a few hints as to where I would look next
if I had the time right now..)

Cheers - Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141020/426c2b66/attachment.pgp>

More information about the samba-technical mailing list