[Samba] is winbind needed if i provide unix attributes?

steve steve at steve-ss.com
Thu Jan 19 15:20:25 MST 2012

On 19/01/12 21:59, Angel Bosch wrote:
>> We're running s3/LDAP with uid:gid, shell and home directory all in
>> LDAP. No winbind anywhere.
> is this the only samba server? do you have any samba server as member of that one?
> anyway, i've read more carefully the docs and found that(1):
> "it stores mappings between UNIX UIDs, GIDs, and NT SIDs. This mapping is used only for users and groups that do not have a local UID/GID"
> so i can assume that local unix attributes are always looked first and winbind is used only if that first resolution fails. the key is that "local" here means any account seen by NSS (getent passwd), for example LDAP.
> i found much more usefull and even easy to configure NSS/PAM against LDAP than winbind, but in the docs(2), when talking about adding members, it seems that winbind is the only way to go.
> i think it would be really usefull that official docs provides an example of this other kind of setup.
> abosch
> References:
> 1 - http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
> 2 - http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html
No. Only one Samba server. We have no local users on the clients apart 
from root on Linux and Administrator on win 7. Samba for the win 7 
clients only, nfs for Linux file sharing. You do not need to join the 
Linux clients to the domain if you use LDAP. Ubuntu and openSUSE have a 
great little utility to join the Linux clients to LDAP via nss-ldap.

More information about the samba mailing list