Re: [Samba] Re: Winbind/PAM Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander E. Patrakov wrote: | Winbindd is not for SAMBA. It's for things like login, | sshd - this way they can let Windows domain users in. Not entirely correct. pam_winbind.so is for unix services like sshd. smbd itself can ask winbindd directly to authenticate a user against the Windows DC. The advantage here is that winbindd caches socket connections to the DC and there doesn't have the tcp setup and tear down and machine credentials validation to go through everytime. And winbindd minimizes the actual number of connections to the DC (rather than one per smbd process). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBI14EIR7qMdg1EfYRAuiWAKDFhRXMSxAw26LhlQtYAUE2AhTU1ACg3M5+ 5UqRUlSaSono8EOyJzXRLoQ= =5lgy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind/PAM Question
Le mer 18/08/2004 à 15:47, Gerald (Jerry) Carter a écrit : If you don't like winbindd, you could use NIS (from Windows SFU) or nss_ldap. Advantage : UID GID and other UNIX attributes are stored directly in AD. What's the best? Raphael -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander E. Patrakov wrote: | Winbindd is not for SAMBA. It's for things like login, | sshd - this way they can let Windows domain users in. Not entirely correct. pam_winbind.so is for unix services like sshd. smbd itself can ask winbindd directly to authenticate a user against the Windows DC. The advantage here is that winbindd caches socket connections to the DC and there doesn't have the tcp setup and tear down and machine credentials validation to go through everytime. And winbindd minimizes the actual number of connections to the DC (rather than one per smbd process). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBI14EIR7qMdg1EfYRAuiWAKDFhRXMSxAw26LhlQtYAUE2AhTU1ACg3M5+ 5UqRUlSaSono8EOyJzXRLoQ= =5lgy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind/PAM Question
On Thu, 2004-08-19 at 00:32, Raphael RIGNIER wrote: Le mer 18/08/2004 15:47, Gerald (Jerry) Carter a crit : If you don't like winbindd, you could use NIS (from Windows SFU) or nss_ldap. Advantage : UID GID and other UNIX attributes are stored directly in AD. What's the best? Or you can use idmap_ad to read those attributes in the directory :-) (See references on the mailing list) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
