[Samba] Prevent smbd from consulting winbindd
Harry Jede
walk2sun at arcor.de
Wed Jan 25 07:57:08 MST 2012
On 13:37:19 wrote Victor Sudakov:
> Colleagues,
>
> I am running smbd in a setup described in
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.h
> tml#id2604553 under "Winbind is not used; users and groups are
> local". Samba is running in the security=domain mode,
Do you have a PDC with the same setup?
Are you syncing uid/gid manually?
> but all
> Windows users are being mapped to Unix users in /etc/passwd.
This will break the setup which is described in the Samba-HOWTO-
Collection you refere above :-( .
"The only way in which this differs from having local accounts is that
the accounts are stored in a repository that *can be shared* . In
practice this means that they will reside in either
*an NIS-type database or else in LDAP* ."
So only NIS or LDAP will guarantee that you have identical uid/gid
mapping across different machines.
> Now I need to run winbindd for Squid authentication. The problem is,
> as soon as I start winbindd, smbd begins consulting it
so you are running smbd and winbind an squid on the same machine
> and all
> Windows users start receiving uids/gids different from those in
> /etc/passwd.
Thats quite normal.
> How do I prevent smbd from consulting winbindd and make
> it use the old /etc/passwd mechanism for uids?
I do not know. I believe it's not possible.
Run smbd on one machine with NIS or LDAP, winbind for squid on an other
machine.
Alternatively you may try to run winbind with an own smb.conf
for example
# smb.conf for winbind only
# Here you MUST have one blank line
include /etc/samba.conf
[global]
security = domain
winbind use default domain = yes
# and so on
if you wish to try this, you may start with a new setup.
I have done this tree times with LDAP as backend, it works. If you need
more details, I can write a step-by-step guide, maybe next week.
In all cases you must have a PDC with security=user in smb.conf.
>
> TIA for any input.
--
regards
Harry Jede
More information about the samba
mailing list