[Samba] Winbind and Global Catalog

Gerald (Jerry) Carter jerry at samba.org
Wed Aug 27 14:27:19 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sven Anders wrote:
> Gerald (Jerry) Carter schrieb:
>> Sven,
>>
>>>   Does winbind work with a Global Catalog?
>> Winbind does not rely upon global catalog.  I added
>> some search APi recently for GC support but there are
>> not currently being used.
> 
> What does this mean?
> Does winbind do not use the global catalog at all?

Not currently.

>> This should work in spite of GC or not.  But enumerating
>> users is really expensive and I wonder if you really have
>> to do that.  But that is another topic.
> 
> What other possibilities do I have? Some faster?
> 
>> What doesn "wbinfo -m"? Sounds more like and problem with the
>> in forest trusts. What Samba version are you running?
> 
> I'm running Samba-3.0.28a.

In the release notes for 3.2.0, you will see that the
support for domain and forest trusts was greatly improved.

  Winbind and Active Directory Integration:
  o Full support for Windows 2003 cross-forest, transitive trusts
    and one-way domain trusts.
    ....

I'd suggest you give that version a try.

> The "wbinfo -m" command lists all domains 
> (GROUP and GROUP1..GROUP10).
> 
> Isn't joining to the CG-domain (GROUP) enough? Do I 
> have join to each domain separatly?

It should be but we learned a lot during the work on 3.2.0.
Basically we use a 3step process to discover all possible
trust paths now in Winbind.    I feel much more confident in
the trusted domain support in 3.2.x that previous releases.





cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFItWRGIR7qMdg1EfYRAvUJAJ4gwC8far7qWtFDlQAcaqAiLD+3lQCePf5J
fH3c5CQMAS8DlNQ6p359fDY=
=Dr5K
-----END PGP SIGNATURE-----

More information about the samba mailing list