[PATCH][WIP] Remove (internal) winbind from Samba for 4.3

Steve French smfrench at gmail.com
Sat Jun 13 10:16:27 MDT 2015


On Fri, Jun 12, 2015 at 4:01 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> What this patch does is remove the *internal* winbind from the source4
> directory.  This was replaced by default with winbindd from source3 in
> Samba 4.2, and this patch is to remove it.  Unlike other areas of
> duplication, this has no redeeming features in my view, so now we have
> fixed the classicupgrade issues (on which this patch builds), we can
> remove it.
<...>
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

I haven't looked at this in a long time, but I remember that in the
past an argument for source4 winbind was that it could get group
membership directly from Active Directory when Samba 4 was running as
a Domain Controller on the same box.  For example if winbind was run
on a Samba RODC, then Samba file server and winbind in effect already
had a copy of the group memberships, which was replicated safely from
the other AD DCs (rather than simply cached on a timer), and the
source4 winbind (unlike the source3 winbind) would not have to query
them which could improve performance and reduce load on the network
and on the file server.

Does the source4 Winbind have any caching advantages (vs. the source3)
when run on a Samba 4.x AD DC? In large enterprises, retrieving group
memberships can be one of the more performance sensitive parts of file
server session establishment and access check evaluation.



-- 
Thanks,

Steve


More information about the samba-technical mailing list