[Samba] Fixed it myself... (ldap/winbind)

Craig White craigwhite at azapple.com
Fri Jun 11 01:20:39 GMT 2004

On Thu, 2004-06-10 at 14:21, Josh Skains wrote:
> You said:
> --------------
> Your thoughts - rely upon an assumption that is clearly false...that
> ldap is usable without understanding it, that understanding it is
> digestible in some easy form and that documentation doesn't exist.
> --------------
> I say:
> --------------
> First off, you are saying a lot that is "clearly false". LDAP can be used blindly in this case. All I needed is a way to avoid having winbind on system A from assigning UIDs on system B that is different. If the UIDs are not identical on all member unix servers, it screws up permissions on issues like NFS, which still has applications in my world.
That is the point of LDAP - you set it up to maintain your unix accounts
and the member machines use it for authentication. Therefore, 1 user, 1
account on all machines that use LDAP for authentication. The
alternative to LDAP for this is NIS and that is not convergent with

If you use winbind to assign uid's, they WILL be different on each
machine using winbind. Welcome to the jungle.

I'm glad for you that LDAP can be used blindly in this case. I was
hoping that you are gonna show us how, real soon now.
> I say:
> --------------
> Sorry, but some of us have bosses and timeframes. 
Tell the boss that this is complicated stuff, that you need to learn it
to get it right. Please don't hammer us with your time frames.
> You say:
> --------------
> - It makes little sense to use LDAP for Samba and not local system user
> accounts, and why would you think that you can use LDAP for local
> account security without fully digesting the implications and the
> technology?
> --------------
> I say:
> --------------
> I don't need local accounts. I am using winbind. Did you even read my posts, or were you just too busy looking for someone to put down cause you are in a bad mood?
Yes, I read your posts and scratched my head because of your naivety.
But the arrogance of your suggestions wasn't something I couldn't let

If you are using winbind to get local account services for unix users,
why are you not using it (server = [domain|ads] ) for smb users? I
cannot envision a scenario where your plan makes sense.

Yes, I read your posts and thought that they were presumptuous that they
asked for LDAP help and this is a samba message base. Clue...there are
many LDAP lists that provide support of LDAP. You say, the only reason
you want to use LDAP is to interact with samba and therefore, samba
should make LDAP easy. Of course, the samba list members should help you
with your lack of understanding of LDAP too. Good luck
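
The UID divergence discussed in this message can be checked for directly. The following is an added example, not code from the thread or from the Samba project: it compares passwd-format listings (the format printed by `getent passwd`) collected from several member servers and reports users whose UID differs between hosts, as well as UIDs that belong to different users on different hosts, which is the case that hands one user's files to another over NFS. The host names, domain name and account lines are constructed sample data.

```python
# Added example: detect UID drift between member servers from passwd-format
# listings. Host names and account data below are constructed, not from the post.
from collections import defaultdict

def parse_passwd(text):
    """Return {username: uid} from passwd-format lines (name:pw:uid:gid:...)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess a UID
        users[fields[0]] = int(fields[2])
    return users

def compare_hosts(listings):
    """listings: {host: passwd text}. Returns (mismatched, collisions).

    mismatched: {user: {host: uid}} for users whose UID differs between hosts.
    collisions: {uid: {host: user}} for UIDs naming different users on
                different hosts (over NFS, one user then owns the other's files).
    """
    by_user = defaultdict(dict)
    by_uid = defaultdict(dict)
    for host, text in listings.items():
        for user, uid in parse_passwd(text).items():
            by_user[user][host] = uid
            by_uid[uid][host] = user
    mismatched = {u: h for u, h in by_user.items() if len(set(h.values())) > 1}
    collisions = {i: h for i, h in by_uid.items() if len(set(h.values())) > 1}
    return mismatched, collisions

# Constructed sample: the same two domain users ended up with swapped UIDs.
SAMPLE = {
    "hostA": "EXAMPLE\\alice:x:10000:10000::/home/alice:/bin/bash\n"
             "EXAMPLE\\bob:x:10001:10000::/home/bob:/bin/bash\n",
    "hostB": "EXAMPLE\\bob:x:10000:10000::/home/bob:/bin/bash\n"
             "EXAMPLE\\alice:x:10001:10000::/home/alice:/bin/bash\n"
             "EXAMPLE\\carol:x:10002:10000::/home/carol:/bin/bash\n",
}

if __name__ == "__main__":
    mismatched, collisions = compare_hosts(SAMPLE)
    for user, uids in sorted(mismatched.items()):
        print(f"UID mismatch for {user}: {uids}")
    for uid, names in sorted(collisions.items()):
        print(f"UID {uid} maps to different users: {names}")
```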

