[Samba] Prevent smbd from consulting winbindd

Victor Sudakov sudakov at sibptus.tomsk.ru
Sat Jan 28 05:33:27 MST 2012


Harry Jede wrote:
> > 
> > I am running smbd in a setup described in
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.h
> > tml#id2604553 under "Winbind is not used; users and groups are
> > local". Samba is running in the security=domain mode,
> Do you have a PDC with the same setup? 

The PDC is a Windows 2000 (sic!) server. I cannot change that.

> Are you syncing uid/gid manually?

I keep Unix uid/gid on Unix and don't want any Winbind-generated uids
or gids.

All I want is a Windows user MYDOMAIN\johndoe to be mapped to the unix
user johndoe whose Unix uid is 2000 in /etc/passwd.  This is exactly
what happens when winbinnd is not started. 

[dd]

> > Now I need to run winbindd for Squid authentication. The problem is,
> > as soon as I start winbindd, smbd begins consulting it
> so you are running smbd and winbind an squid on the same machine

Yes.

> 
> > and all
> > Windows users start receiving uids/gids different from those in
> > /etc/passwd.
> Thats quite normal.

Thats undesirable.

> 
> > How do I prevent smbd from consulting winbindd and make
> > it use the old /etc/passwd mechanism for uids?
> I do not know. I believe it's not possible.
> 
> Run smbd on one machine with NIS or LDAP, winbind for squid on an other 
> machine.
> 

This is an obvious solution, I will do that if I find no other way.
But how does smbd communicate with winbindd? Can I hide them from each
other? is "auth methods = ntdomain" or "auth methods = trustdomain"
not what I want?

Which of the auth methods does smbd use when it cannot find a
functional winbindd?

> 
> 
> Alternatively you may try to run winbind with an own smb.conf

This may be a good idea but how do I hide winbindd (even running with
its own smb.conf) from smbd? How does it communicate with smbd?

> 
> if you wish to try this, you may start with a new setup.
> I have done this tree times with LDAP as backend, it works. If you need 
> more details, I can write a step-by-step guide, maybe next week.

I don't need a  step-by-step guide but I would appreciate an
explanation how to hide smbd and winbindd from each other other than
running them on different hosts.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru


More information about the samba mailing list