[Samba] Winbindd

Gerald (Jerry) Carter jerry at samba.org
Wed Dec 17 17:26:50 GMT 2003

Hash: SHA1

Kent L. Nasveschuk wrote:
> The message I got from Jerry Carter yesterday says that Winbindd 
 > is only required for trust accounts between 2 domains. I was
 > confused also, the documentation seems to lead one to the contrary.

I was referring to winbindd running on a Samba DC.  The best rule of 
thumb is

   * a Samba DC is authoritative for its own accounts (the
     ones in the passdb).  winbindd in this case is used to deal
     with users/groups from trusted domains.

   * a Samba server that is a member of a Samba domain
     (and is sharing unix accounts via NIS, etc..) should run winbindd
     and set 'winbind trusted domains only = yes' to force the
     SID mapping to use local accounts rather than allocating
     new ones for users/groups in its own domain

   * a Samba server that is a member of a Windows domain should
     run winbindd to allocate IDs for users/groups in its own
     domain and trusted domains.

Hope this helps.

- --
cheers, jerry
  Hewlett-Packard            ------------------------- http://www.hp.com
  SAMBA Team                 ---------------------- http://www.samba.org
  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list