[Samba] winbind running in PDC Samba server
craigwhite at azapple.com
Wed Dec 31 16:49:24 GMT 2003
On Wed, 2003-12-31 at 02:11, John H Terpstra wrote:
> On Wed, 31 Dec 2003, [iso-8859-1] Fermín Galán Márquez wrote:
> > Hello,
> > HOWTO chapter 21 describes the use of winbind daemon in a Samba domain
> > member Server, but it's possible (and desirable) to run winbind in a PDC
> > Samba server? The question is due to it that in that case it seems it is not
> > necessary winbind for authenticate/mapping users against a external WinNT4
> > PDC, the Samba PDC perform authentication itself (and the mapping its not
> > necessary, because Samba run in UNIX, where each user/group have an
> > UID/GID).
> > What about when there is a trust relationship between Samba domain and an
> > external WinNT4 domain? (I think in this case winbind could be necessary, to
> > assign SID in the WinNT4 domain to users of the Samba PDC domain, but I'm
> > not sure).
> Winbind is needed to map SIDs from foreign domains and from machines that
> are not domain members. That is why it is a good idea to run winbind on
> all servers.
I'm sort of thinking that winbind might be an expensive process since it
not only adds a layer of complexity upon nsswitch/pam but it also
requires that you not use nscd.
I'm still trying to evaluate it's necessity in an environment where LDAP
is backend, all samba servers use the LDAP system for authentication and
there are no Windows machines used that will not be 'computer accounts'.
But I'm still learning these things...
# mkdir test
# chgrp "Domain Users" test
drwxr-xr-x 2 root Domain Users 4096 Dec 31 06:59 test
Domain Users is in LDAP...
# Domain Users, Groups, Mullen, US
dn: cn=Domain Users,ou=Groups,o=Mullen,c=US
cn: Domain Users
displayName: Domain Users
description: All domain users
More information about the samba