[Samba] winbind versus nss/pam_ldap

Fernando Lozano fernando at lozano.eti.br
Tue May 14 10:30:30 MDT 2013

Hi there,

Since samba 3.0 I've been using Samba PDC and BDCs backed by OpenLDAP, 
and I configure my member servers (all running Linux) to use nss and pam 
to get user information directly from LDAP. I took this way because I 
had previous experience using LDAP for e-mail and web apps. But it looks 
from the list and samba docs that most people configure winbind on 
member servers, and so they don't need direct access to a LDAP server.

I'm wondering what are the advantages and disadvantages of each method, 
and if I should change my setup to use winbind. Can anyone provide some 
pointers to such a comparison?

For example, using winbind seems to be easier: less configuration files 
to change on linux member servers. On the other side, using LDAP 
provides centralized identity management for servers which do not run 
samba (such as database servers), but setting up a server with winbind 
only (no smbd or nmbd) doesn't seem harder to do than setting up a 
server with nss/pam_ldap.

[]s, Fernando Lozano

More information about the samba mailing list