[Samba] Re: Q: winbindd, unqualified users, & name conflicts (a.k.a "Death to 'winbind use default domain'!")

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 20 17:37:10 GMT 2006


Simo,

>> I am about a 1/2 inch from marking the smb.conf option
>> as deprecated and adding similar option to pam_winbind.conf.
>> This option just cannot work reliably.
>>
>> Do you have any suggestions?
> 
> I would just document that local users will 
> always take precedence.
> 
> Winbind use default domain is too valuable to 
> be removed imho.

First, assigning the wrong groups to a user is a security
issue.  Second, I said pull 'winbind use default domain'
from the server code and put it in the client code.

The fact is that this parameter is fundamentally broken.
It cannot actually work correctly.  At some point (probably
for 3.0.24) we will have to break it and move it to the
client.  There is no way around it.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian