Hi all,

I am just after some opinions about the pros and cons of winbind compared to the 'standard' kerberos and ldap methods. I've already got single sign on working with pam_krb5 and nss_ldap (using SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as clients/'member servers', and integration of Samba is the next bit I'm looking at.

The impressions I get are (corrections welcome):

Winbind should be a bit simpler to set up than the pam/nss option, and mean a bit less work entering UIDs and GIDs etc. into Active Directory and generating keytabs etc.

Using the standard kerberos/ldap methods should give more flexibility for integrating with other unix based services, e.g. consistent uid mapping between machines (when using Active Directory at least) etc.

Winbind users need to log on using DOMAIN\USER, while pam_krb5 users just need to use USER for their default realm. Or am I wrong about that one?

Winbind users can change their AD password while pam_krb5 users can't (at this stage).

Now for some questions...

Is it possible or is there any value in using both winbind and pam_krb5/nss_ldap together? How would they integrate?

If it's even possible, what would I miss out on if not using winbind? I presume there still needs to be some sort of SID mapping going on for Samba to do its stuff?
