On Wed, 2003-12-31 at 02:11, John H Terpstra wrote: > On Wed, 31 Dec 2003, [iso-8859-1] FermÃn GalÃn MÃrquez wrote: > > > Hello, > > > > HOWTO chapter 21 describes the use of winbind daemon in a Samba domain > > member Server, but it's possible (and desirable) to run winbind in a PDC > > Samba server? The question is due to it that in that case it seems it is not > > necessary winbind for authenticate/mapping users against a external WinNT4 > > PDC, the Samba PDC perform authentication itself (and the mapping its not > > necessary, because Samba run in UNIX, where each user/group have an > > UID/GID). > > Correct. > > > What about when there is a trust relationship between Samba domain and an > > external WinNT4 domain? (I think in this case winbind could be necessary, to > > assign SID in the WinNT4 domain to users of the Samba PDC domain, but I'm > > not sure). > > Winbind is needed to map SIDs from foreign domains and from machines that > are not domain members. That is why it is a good idea to run winbind on > all servers. ---- I'm sort of thinking that winbind might be an expensive process since it not only adds a layer of complexity upon nsswitch/pam but it also requires that you not use nscd.
I'm still trying to evaluate it's necessity in an environment where LDAP is backend, all samba servers use the LDAP system for authentication and there are no Windows machines used that will not be 'computer accounts'. But I'm still learning these things... # mkdir test # chgrp "Domain Users" test ls -l total 48 drwxr-xr-x 2 root Domain Users 4096 Dec 31 06:59 test Domain Users is in LDAP... # Domain Users, Groups, Mullen, US dn: cn=Domain Users,ou=Groups,o=Mullen,c=US objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Users gidNumber: 1008 sambaSID: S-1-5-21-1292501092-333717336-619646970-513 sambaGroupType: 2 displayName: Domain Users description: All domain users memberUid: root memberUid: artstation memberUid: Administrator Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
