[Samba] Prevent smbd from consulting winbindd
walk2sun at arcor.de
Wed Jan 25 07:57:08 MST 2012
On 13:37:19 wrote Victor Sudakov:
> I am running smbd in a setup described in
> tml#id2604553 under "Winbind is not used; users and groups are
> local". Samba is running in the security=domain mode,
Do you have a PDC with the same setup?
Are you syncing uid/gid manually?
> but all
> Windows users are being mapped to Unix users in /etc/passwd.
This will break the setup which is described in the Samba-HOWTO-
Collection you refere above :-( .
"The only way in which this differs from having local accounts is that
the accounts are stored in a repository that *can be shared* . In
practice this means that they will reside in either
*an NIS-type database or else in LDAP* ."
So only NIS or LDAP will guarantee that you have identical uid/gid
mapping across different machines.
> Now I need to run winbindd for Squid authentication. The problem is,
> as soon as I start winbindd, smbd begins consulting it
so you are running smbd and winbind an squid on the same machine
> and all
> Windows users start receiving uids/gids different from those in
Thats quite normal.
> How do I prevent smbd from consulting winbindd and make
> it use the old /etc/passwd mechanism for uids?
I do not know. I believe it's not possible.
Run smbd on one machine with NIS or LDAP, winbind for squid on an other
Alternatively you may try to run winbind with an own smb.conf
# smb.conf for winbind only
# Here you MUST have one blank line
security = domain
winbind use default domain = yes
# and so on
if you wish to try this, you may start with a new setup.
I have done this tree times with LDAP as backend, it works. If you need
more details, I can write a step-by-step guide, maybe next week.
In all cases you must have a PDC with security=user in smb.conf.
> TIA for any input.
More information about the samba