[Samba] winbind versus nss/pam_ldap
fernando at lozano.eti.br
Tue May 14 10:30:30 MDT 2013
Since samba 3.0 I've been using Samba PDC and BDCs backed by OpenLDAP,
and I configure my member servers (all running Linux) to use nss and pam
to get user information directly from LDAP. I took this way because I
had previous experience using LDAP for e-mail and web apps. But it looks
from the list and samba docs that most people configure winbind on
member servers, and so they don't need direct access to a LDAP server.
I'm wondering what are the advantages and disadvantages of each method,
and if I should change my setup to use winbind. Can anyone provide some
pointers to such a comparison?
For example, using winbind seems to be easier: less configuration files
to change on linux member servers. On the other side, using LDAP
provides centralized identity management for servers which do not run
samba (such as database servers), but setting up a server with winbind
only (no smbd or nmbd) doesn't seem harder to do than setting up a
server with nss/pam_ldap.
s, Fernando Lozano
More information about the samba