[Samba] Fixed it myself... (ldap/winbind)

Josh Skains JSkains at deltad.com
Fri Jun 11 06:11:04 GMT 2004

Yes, your Majesty. I am so sorry to disturb your humble mailbox.
Next time, just ignore the post.

	-----Original Message----- 
	From: Craig White [mailto:craigwhite at azapple.com] 
	Sent: Thu 6/10/2004 6:20 PM 
	To: Josh Skains 
	Cc: samba at lists.samba.org 
	Subject: RE: [Samba] Fixed it myself... (ldap/winbind)

	On Thu, 2004-06-10 at 14:21, Josh Skains wrote:
	> You said:
	> --------------
	> Your thoughts - rely upon an assumption that is clearly false...that
	> ldap is usable without understanding it, that understanding it is
	> digestible in some easy form and that documentation doesn't exist.
	> --------------
	> I say:
	> --------------
	> First off, you are saying a lot that is "clearly false". LDAP can be used blindly in this case. All I needed is a way to avoid having winbind on system A from assigning UIDs on system B that is different. If the UIDs are not identical on all member unix servers, it screws up permissions on issues like NFS, which still has applications in my world.
	That is the point of LDAP - you set it up to maintain your unix accounts
	and the member machines use it for authentication. Therefore, 1 user, 1
	account on all machines that use LDAP for authentication. The
	alternative to LDAP for this is NIS and that is not convergent with
	If you use winbind to assign UIDs, they WILL be different on each
	machine using winbind. Welcome to the jungle.
	I'm glad for you that LDAP can be used blindly in this case. I was
	hoping that you are gonna show us how, real soon now.
	> I say:
	> --------------
	> Sorry, but some of us have bosses and timeframes.
	Tell the boss that this is complicated stuff, that you need to learn it
	to get it right. Please don't hammer us with your time frames.
	> You say:
	> --------------
	> - It makes little sense to use LDAP for Samba and not local system user
	> accounts, and why would you think that you can use LDAP for local
	> account security without fully digesting the implications and the
	> technology?
	> --------------
	> I say:
	> --------------
	> I don't need local accounts. I am using winbind. Did you even read my posts, or were you just too busy looking for someone to put down because you are in a bad mood?
	Yes, I read your posts and scratched my head because of your naivety.
	But the arrogance of your suggestions wasn't something I couldn't let
	If you are using winbind to get local account services for unix users,
	why are you not using it (server = [domain|ads] ) for smb users? I
	cannot envision a scenario where your plan makes sense.
	Yes, I read your posts and thought that they were presumptuous that they
	asked for LDAP help and this is a samba message base. Clue...there are
	many LDAP lists that provide support of LDAP. You say, the only reason
	you want to use LDAP is to interact with samba and therefore, samba
	should make LDAP easy. Of course, the samba list members should help you
	with your lack of understanding of LDAP too. Good luck
