[Samba] To use or not to use winbind

[Chris Smith]

On Sunday 03 August 2008, Jason A. Nunnelley wrote:
> Recap: Jeff and I are having a conversation about whether "turning
> off winbinds" is a solution for rectifying apparent conflicts with a
> PDC running winbinds.

Here's my take on the subject:

The general use for winbind is to be able to use an MS domain controller 
for authentication eliminating the need to separately create 
matching 'nix users.

The special case for using winbind is when, using Samba as the PDC, you 
wish to insist that a username/password pair from a system not a domain 
member is not authenticated even if the username/password pair matches 
that of a domain user (maybe more correctly to state that the domain 
part is missing from the supplied credentials). Note that generally 
with a pure Windows network and a Windows NT4 PDC, as well as Windows 
in general (peer to peer), matching username/password credentials are 
enough to authenticate, so using winbind in this situation creates an 
environment more restrictive then generally expected.

-- 
Chris