[Samba] Prevent smbd from consulting winbindd
Victor Sudakov
sudakov at sibptus.tomsk.ru
Sat Jan 28 05:33:27 MST 2012
Harry Jede wrote:
> >
> > I am running smbd in a setup described in
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.h
> > tml#id2604553 under "Winbind is not used; users and groups are
> > local". Samba is running in the security=domain mode,
> Do you have a PDC with the same setup?
The PDC is a Windows 2000 (sic!) server. I cannot change that.
> Are you syncing uid/gid manually?
I keep Unix uid/gid on Unix and don't want any Winbind-generated uids
or gids.
All I want is a Windows user MYDOMAIN\johndoe to be mapped to the unix
user johndoe whose Unix uid is 2000 in /etc/passwd. This is exactly
what happens when winbinnd is not started.
[dd]
> > Now I need to run winbindd for Squid authentication. The problem is,
> > as soon as I start winbindd, smbd begins consulting it
> so you are running smbd and winbind an squid on the same machine
Yes.
>
> > and all
> > Windows users start receiving uids/gids different from those in
> > /etc/passwd.
> Thats quite normal.
Thats undesirable.
>
> > How do I prevent smbd from consulting winbindd and make
> > it use the old /etc/passwd mechanism for uids?
> I do not know. I believe it's not possible.
>
> Run smbd on one machine with NIS or LDAP, winbind for squid on an other
> machine.
>
This is an obvious solution, I will do that if I find no other way.
But how does smbd communicate with winbindd? Can I hide them from each
other? is "auth methods = ntdomain" or "auth methods = trustdomain"
not what I want?
Which of the auth methods does smbd use when it cannot find a
functional winbindd?
>
>
> Alternatively you may try to run winbind with an own smb.conf
This may be a good idea but how do I hide winbindd (even running with
its own smb.conf) from smbd? How does it communicate with smbd?
>
> if you wish to try this, you may start with a new setup.
> I have done this tree times with LDAP as backend, it works. If you need
> more details, I can write a step-by-step guide, maybe next week.
I don't need a step-by-step guide but I would appreciate an
explanation how to hide smbd and winbindd from each other other than
running them on different hosts.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the samba
mailing list