[Samba] Re: Winbind/PAM Question
Raphael RIGNIER
rignier at cpe-chartreux.com
Wed Aug 18 14:32:33 GMT 2004
Le mer 18/08/2004 à 15:47, Gerald (Jerry) Carter a écrit :
If you don't like winbindd, you could use NIS (from Windows SFU) or
nss_ldap.
Advantage : UID GID and other UNIX attributes are stored directly in AD.
What's the best?
Raphael
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander E. Patrakov wrote:
>
> | Winbindd is not for SAMBA. It's for things like "login",
> | "sshd" - this way they can let Windows domain users in.
>
> Not entirely correct. pam_winbind.so is for unix services
> like sshd.
>
> smbd itself can ask winbindd directly to authenticate
> a user against the Windows DC. The advantage here is that
> winbindd caches socket connections to the DC and there doesn't
> have the tcp setup and tear down and machine credentials
> validation to go through everytime. And winbindd minimizes the
> actual number of connections to the DC (rather than one per smbd
> process).
>
>
>
>
>
>
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm) ------- http://www.samba.org
> GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFBI14EIR7qMdg1EfYRAuiWAKDFhRXMSxAw26LhlQtYAUE2AhTU1ACg3M5+
> 5UqRUlSaSono8EOyJzXRLoQ=
> =5lgy
> -----END PGP SIGNATURE-----
More information about the samba
mailing list