[Samba] Prevent smbd from consulting winbindd

a.key a.key at jadu.net
Fri Feb 3 05:52:46 MST 2012


Can't you just disable winbind from nsswitch?


On 28/01/12 11:45, Victor Sudakov wrote:
> Harry Jede wrote:
>>>
>>> I am running smbd in a setup described in
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
>>> under "Winbind is not used; users and groups are
>>> local". Samba is running in the security=domain mode,
>> Do you have a PDC with the same setup?
>
> The PDC is a Windows 2000 (sic!) server. I cannot change that.
>
>> Are you syncing uid/gid manually?
>
> I keep Unix uid/gid on Unix and don't want any Winbind-generated uids
> or gids.
>
> All I want is a Windows user MYDOMAIN\johndoe to be mapped to the unix
> user johndoe whose Unix uid is 2000 in /etc/passwd.  This is exactly
> what happens when winbindd is not started.
>
> [dd]
>
>>> Now I need to run winbindd for Squid authentication. The problem is,
>>> as soon as I start winbindd, smbd begins consulting it
>> so you are running smbd and winbind and squid on the same machine
>
> Yes.
>
>>
>>> and all
>>> Windows users start receiving uids/gids different from those in
>>> /etc/passwd.
>> That's quite normal.
>
> That's undesirable.
>
>>
>>> How do I prevent smbd from consulting winbindd and make
>>> it use the old /etc/passwd mechanism for uids?
>> I do not know. I believe it's not possible.
>>
>> Run smbd on one machine with NIS or LDAP, winbind for squid on another
>> machine.
>>
>
> This is an obvious solution, I will do that if I find no other way.
> But how does smbd communicate with winbindd? Can I hide them from each
> other? Is "auth methods = ntdomain" or "auth methods = trustdomain"
> not what I want?
>
> Which of the auth methods does smbd use when it cannot find a
> functional winbindd?
>
>>
>>
>> Alternatively you may try to run winbind with an own smb.conf
>
> This may be a good idea but how do I hide winbindd (even running with
> its own smb.conf) from smbd? How does it communicate with smbd?
>
>>
>> if you wish to try this, you may start with a new setup.
>> I have done this three times with LDAP as backend, it works. If you need
>> more details, I can write a step-by-step guide, maybe next week.
>
> I don't need a step-by-step guide but I would appreciate an
> explanation how to hide smbd and winbindd from each other other than
> running them on different hosts.
>
