[Samba] Default domain for winbindd?

Buchan Milne bgmilne at cae.co.za
Sat Jan 11 10:10:01 GMT 2003

On Fri, 10 Jan 2003 daniel.jarboe at custserv.com wrote:

> > I think it's a bit suspect to suggest 3.0alpha over 2.2.x,
> > depending on
> > the application. For plain authentication use (ie desktops, ssh, cvs
> > over ssh, pop/imap etc), it seems to work very well. I have a
> > production server at a client, that I have never had problems with,
> > service 600+ mailboxes to 60+ concurrent users.
> I had similar success when I tried it... the only "problems" I
> experienced were logs getting winbind errors for system accounts.  But
> Jerry and Andrew both say don't use it in 2.x, and have said it more
> than once on this list.

The question isn't whether it may have problems, but what the problems may
be. As far as I know, the only possible problems with it relate to smbd,
specifically in resolving permissions and ACLs. If you don't run smbd, I
don't think it's an issue. BTW, I have it running on a production machine
that has been up since shortly after the option first made it into a
release, which AFAICR was 2.2.4. I would hae to check the machine, but
IIRC it's at least 8 months production use with  no issues.

I actually do have an smbd running on the machine, but without ACLs, and
there haven't been issues with that, but it's really only minor use (an
easy way for students to work on web pages).

> > I am quite sure 3.0alpha isn't supported yet either (which is the
> > gist of the messages regarding winbind use default domain = yes).
> Well, if he has winbind problems in 2.x with use default domain, I
> suspect the samba team would say it got placed in 2.x to satisfy a
> dependency of a code merge, has known flaws, and should not be used.
> If he has problems in 3.x with winbind use default domain = yes, he's
> likely to get more eyes.  That's my best guess, at least, and I
> welcomed him to try it in 2.x, but suggested 3.x was the way to go if
> he really needed it.

For his use, I don't think there would be any issues (as long as he
doesn't run an smbd). And if there are, then he could try 3.0alpha then,
but starting on a development release is IMHO never a good option, since
it is then difficult to know if your issues are bugs or configuration


