[Samba] netlogon proxy only mode

Rowland Penny rowlandpenny at googlemail.com
Wed Jan 29 04:36:18 MST 2014

OK, I know understand that I should be running winbind and as I have 
always had problems setting it up, I thought that reading the manpage 
would probably be a good idea.

Whilst reading it, I found this:

Even if winbind is not used for nsswitch, it still provides a service to 
smbd, ntlm_auth and the pam_winbind.so PAM module, by managing 
connections to domain controllers. In this configuration the idmap 
config * : range parameter is not required. (This is known as `netlogon 
proxy only mode'.)

So it would seem that I could just run the winbind daemon with minimal 
alterations to smb.conf and continue to use that program I must not mention.

I then tried to find information on just what I need to add to smb.conf 
to make it work, you wouldn't believe how many copies of the winbind 
manpage there are out there, but nothing much on the netlogon proxy only 

The only thing that I could find was when Volker seems to have created 
the mode back in 2004, so can anybody point me to documentation about 
this mode, so that I can try it.



More information about the samba mailing list