[Samba] Winbindd
Gerald (Jerry) Carter
jerry at samba.org
Wed Dec 17 17:26:50 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kent L. Nasveschuk wrote:
> The message I got from Jerry Carter yesterday says that Winbindd
> is only required for trust accounts between 2 domains. I was
> confused also, the documentation seems to lead one to the contrary.
I was referring to winbindd running on a Samba DC. The best rule of
thumb is
* a Samba DC is authoritative for its own accounts (the
ones in the passdb). winbindd in this case is used to deal
with users/groups from trusted domains.
* a Samba server that is a member of a Samba domain
(and is sharing unix accounts via NIS, etc..) should run winbindd
and set 'winbind trusted domains only = yes' to force the
SID mapping to use local accounts rather than allocating
new ones for users/groups in its own domain
* a Samba server that is a member of a Windows domain should
run winbindd to allocate IDs for users/groups in its own
domain and trusted domains.
Hope this helps.
- --
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/4JHaIR7qMdg1EfYRAlQJAJ4jP2rkKkS2t8lGTAsf2D76UATPogCgxhDb
/m04VH7wOelcLiGVliYgZ5A=
=bOT8
-----END PGP SIGNATURE-----
More information about the samba
mailing list