On Thu, 2013-01-24 at 14:32 +0100, Fred F wrote: > Thanks for your statement, Andrew. I know about winbind and we've used > it in the past, but I remember there were some issues when dealing > with POSIX ACLs and windbind. > > Now while winbind might work in some environments, I think it would be > much nicer and cleaner to integrate Linux clients into a Samba AD > domain with "native" Linux tools. The PAM part is very easy and works > great already with Samba 4 and Linux clients using Kerberos. The only > somewhat troublesome part is the NSS information > (passwd/groups/shadow), which would also not really be an issue if > Samba 4 properly implemented separation between users and groups in > POSIX ACLs (#9521).
This bug is closed as invalid for very good reason. There is not separation between users and groups in windows ACLs, once you have to handle groups owning files and SID History (users essentially becoming groups), and we have no choice but to match. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
