[Samba] Re: Winbind usage PDC and Domain menber ?

Jérôme Fenal jfenalml at free.fr
Thu Oct 30 14:40:48 GMT 2003

Alban Browaeys wrote:
> This mostly guesses, from posts and mails, i d really appreciate your
> views on those items, thanks
> Should winbind run on a PDC ?

No, winbind gives Unix user information from the SAM.
It is only interesting if you have a Windows PDC.
Because uid mapping is done on a « first connected, first mapped » 
basis, it won't help a lot if you need to have more than one Unix 
NT-domain-member server.

> all account are supposed to exists on it or be managed via add user/ add
> machine 

Don't understand your question, if any, here ??

User & computers accounts (if Samba PDC) are supposed to exist on the 
Unix side. It could either be done by /etc/passwd, eg. the standard Unix 
way, or by a LDAP directory, which would be serving Unix (with the Posix 
Account schema) and Samba (with the Samba[Sam]Account schema).

The real advantage with the LDAP approach, is that it allows a NIS 
replacement (this answers to your next question) with automount 
information distributed by LDAP, and also connected with Samba.

Don't know for AFS.

> Is winbind recommended on a multi file services network (SMB+NFS+AFS+etc)
> and when ACL are used:
> from various it seems not , winbind get the name only from the PDC and set
> a random id in the idmap, so id differs on pdc and menbers, also between
> menbers

See below.

This is why Samba screams as a NT4 PDC based on LDAP in a multi-OS 
environment, compared to a Windows NT4 (or 2K with NT4 domain 
compatibility), with winbind for Unix.

Or if you want to keep your Windows as the domain controller, go and see 
ADS services, with Samba integration in the ADS. Nice, but you'll still 
needs to pay MS for client licences, really painful (have not tried it, 
but look in the list for the technical requirements). And you will also 
need to use spcifically customized NSS LDAP client on Unix.

Can't help further for your last questions.

Regards, & RHTH,


More information about the samba mailing list