[Samba] Prevent smbd from consulting winbindd
a.key at jadu.net
Fri Feb 3 05:52:46 MST 2012
Can't you just disable winbind from nssswitch ?
On 28/01/12 11:45, Victor Sudakov wrote:
> Harry Jede wrote:
>>> I am running smbd in a setup described in
>>> tml#id2604553 under "Winbind is not used; users and groups are
>>> local". Samba is running in the security=domain mode,
>> Do you have a PDC with the same setup?
> The PDC is a Windows 2000 (sic!) server. I cannot change that.
>> Are you syncing uid/gid manually?
> I keep Unix uid/gid on Unix and don't want any Winbind-generated uids
> or gids.
> All I want is a Windows user MYDOMAIN\johndoe to be mapped to the unix
> user johndoe whose Unix uid is 2000 in /etc/passwd. This is exactly
> what happens when winbinnd is not started.
>>> Now I need to run winbindd for Squid authentication. The problem is,
>>> as soon as I start winbindd, smbd begins consulting it
>> so you are running smbd and winbind an squid on the same machine
>>> and all
>>> Windows users start receiving uids/gids different from those in
>> Thats quite normal.
> Thats undesirable.
>>> How do I prevent smbd from consulting winbindd and make
>>> it use the old /etc/passwd mechanism for uids?
>> I do not know. I believe it's not possible.
>> Run smbd on one machine with NIS or LDAP, winbind for squid on an other
> This is an obvious solution, I will do that if I find no other way.
> But how does smbd communicate with winbindd? Can I hide them from each
> other? is "auth methods = ntdomain" or "auth methods = trustdomain"
> not what I want?
> Which of the auth methods does smbd use when it cannot find a
> functional winbindd?
>> Alternatively you may try to run winbind with an own smb.conf
> This may be a good idea but how do I hide winbindd (even running with
> its own smb.conf) from smbd? How does it communicate with smbd?
>> if you wish to try this, you may start with a new setup.
>> I have done this tree times with LDAP as backend, it works. If you need
>> more details, I can write a step-by-step guide, maybe next week.
> I don't need a step-by-step guide but I would appreciate an
> explanation how to hide smbd and winbindd from each other other than
> running them on different hosts.
More information about the samba