[Samba] Prevent smbd from consulting winbindd

Harry Jede walk2sun at arcor.de
Wed Jan 25 07:57:08 MST 2012


On 13:37:19 wrote Victor Sudakov:

> Colleagues,
> 
> I am running smbd in a setup described in
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.h
> tml#id2604553 under "Winbind is not used; users and groups are
> local". Samba is running in the security=domain mode,
Do you have a PDC with the same setup? 
Are you syncing uid/gid manually?

> but all
> Windows users are being mapped to Unix users in /etc/passwd.
This will break the setup which is described in the Samba-HOWTO-
Collection you refere above :-( .


"The only way in which this differs from having local accounts is that 
the accounts are stored in a repository that *can be shared* . In 
practice this means that they will reside in either
 *an NIS-type database or else in LDAP* ."

So only NIS or LDAP will guarantee that you have identical uid/gid 
mapping across different machines.

 
> Now I need to run winbindd for Squid authentication. The problem is,
> as soon as I start winbindd, smbd begins consulting it
so you are running smbd and winbind an squid on the same machine

> and all
> Windows users start receiving uids/gids different from those in
> /etc/passwd.
Thats quite normal.

> How do I prevent smbd from consulting winbindd and make
> it use the old /etc/passwd mechanism for uids?
I do not know. I believe it's not possible.

Run smbd on one machine with NIS or LDAP, winbind for squid on an other 
machine.



Alternatively you may try to run winbind with an own smb.conf

for example

# smb.conf for winbind only
# Here you MUST have one blank line

include /etc/samba.conf
[global]
security = domain
winbind use default domain = yes
# and so on

if you wish to try this, you may start with a new setup.
I have done this tree times with LDAP as backend, it works. If you need 
more details, I can write a step-by-step guide, maybe next week.




In all cases you must have a PDC with security=user in smb.conf.



> 
> TIA for any input.


-- 

regards
	Harry Jede


More information about the samba mailing list