On 4 January 2011 05:50, Bob Miller <[email protected]> wrote: > Gaiseric, > thank you sooo much for the reply.... > I will make comments inline: > > On Mon, 2011-01-03 at 20:06 -0500, Gaiseric Vandal wrote: >> Winbind is used for allowing unix things like file system access, getent >> passwd and getent group to handle windows users (windows users and groups >> get unix uid's and gid's allocated.) > > To say this another way; getent maps users/groups and their respective > uids/gids/sids, winbind is what determines if those uids/gids have > permission to do what is being requested?
That is not how I understand it at all. "getent passwd" and "getent group" are basically front-ends to winbind (when you have winbind specified in your nsswitch.conf.) So winbind does the talking to a Windows (or Samba) server and maps the uids/gids to/from sids. i.e. winbind maps uids/gids to/from sids/names. getent passwd/group maps between uids/gids and names (via winbind). It's the local filesystem permissions/acls or your smb.conf that determine whether a particular user/group has access to something. I have never used winbind, but that's basically my understanding of it. >> I don't use winbind to login to a >> unix system as a windows user but I do use it to allow the unix file system >> on a samba server to handle file perms for windows users. Winbind would >> have nothing to do with subnet issues. > > So wbinfo commands are not affected by working across a vpn... I suppose if winbind can talk to the Windows (or Samba) server where it gets its information, it should not matter if that server is on the other end of a VPN link. -- Michael Wood <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
