[Samba] Re: Winbind usage PDC and Domain menber ?
jfenalml at free.fr
Thu Oct 30 14:40:48 GMT 2003
Alban Browaeys wrote:
> This mostly guesses, from posts and mails, i d really appreciate your
> views on those items, thanks
> Should winbind run on a PDC ?
No, winbind gives Unix user information from the SAM.
It is only interesting if you have a Windows PDC.
Because uid mapping is done on a « first connected, first mapped »
basis, it won't help a lot if you need to have more than one Unix
> all account are supposed to exists on it or be managed via add user/ add
Don't understand your question, if any, here ??
User & computers accounts (if Samba PDC) are supposed to exist on the
Unix side. It could either be done by /etc/passwd, eg. the standard Unix
way, or by a LDAP directory, which would be serving Unix (with the Posix
Account schema) and Samba (with the Samba[Sam]Account schema).
The real advantage with the LDAP approach, is that it allows a NIS
replacement (this answers to your next question) with automount
information distributed by LDAP, and also connected with Samba.
Don't know for AFS.
> Is winbind recommended on a multi file services network (SMB+NFS+AFS+etc)
> and when ACL are used:
> from various it seems not , winbind get the name only from the PDC and set
> a random id in the idmap, so id differs on pdc and menbers, also between
This is why Samba screams as a NT4 PDC based on LDAP in a multi-OS
environment, compared to a Windows NT4 (or 2K with NT4 domain
compatibility), with winbind for Unix.
Or if you want to keep your Windows as the domain controller, go and see
ADS services, with Samba integration in the ADS. Nice, but you'll still
needs to pay MS for client licences, really painful (have not tried it,
but look in the list for the technical requirements). And you will also
need to use spcifically customized NSS LDAP client on Unix.
Can't help further for your last questions.
Regards, & RHTH,
More information about the samba