[Samba] samba pdc and winbindd on same server?

[Buchan Milne]

> Message: 10
> From: "Drash, Jim [NCSUS]" <JDrash at EESUS.JNJ.com>
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Mon, 5 Aug 2002 09:19:14 -0400 
> Subject: [Samba] samba pdc and winbindd on same server?

> If this question has been asked and answered, I am sorry  but I searched and
> could not find it.
> 
> Is it possible to have a samba PDC on the same server as a winbindd pointing
> to that samba PDC.  

Not if the samba PDC is running 2.2.x, it should be possible (but not 
necessarily desireable) in 3.0 (or current HEAD cvs).

> The reason I want to do this is that I want the
> capability winbindd provides for a single sign on for things UNIX and the
> samba PDC for all things Windows.  I don't want to have to run two boxes (if
> I don't have to) to get these functions.

But this isn't the only option, and it prevents you from doing some 
things. For example, you have no guarantee of users having the same uid 
between machines, so you can't use NFS.

You can do one of a few things:

1) Use pam_smb and nss_ldap on the clients, LDAP server to hold user 
details.
2) Have samba store it's passwords in LDAP, and use "pam password change 
= yes" do password changes via pam_ldap, so you auth by pam_ldap and 
nss_ldap
3) Combinations of the two.

We are migrating towards LDAP, so we currently have most things auth via 
pam_smb and pam_ldap, user/group enumeration was by sync'ed 
password/group files, but has been LDAP for a while.

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7