[Samba] Winbind usage PDC and Domain menber ?

[Alban Browaeys]

This mostly guesses, from posts and mails, i d really appreciate your
views on those items, thanks

Should winbind run on a PDC ?
all account are supposed to exists on it or be managed via add user/ add
machine 

Is winbind recommended on a multi file services network (SMB+NFS+AFS+etc)
and when ACL are used:
from various it seems not , winbind get the name only from the PDC and set
a random id in the idmap, so id differs on pdc and menbers, also between
menbers

ps: and does running winbind on a PDC could get it to map the user to two
id on it : one static created at account genesis and the other when the
PDC use getpwnam , getting the libc to call teh local wibind .
It depend on the order of the "passwd" attributes in /etc/nsswitch but
waht if the admin setted winbind before compat (or unix) ?

I also had a difficult case with a domain menber (samba+winbind) where a
local user had the same name as the domain one:
with "winbind use default domain" set to yes a conflict arise , is there a
rational behind this behing default ? 

For pam:
is the winbind domain separator , only for local domain menber
usage , or should it be setted up same on the PDC ?


Alban