Re: [Samba] Winbind usage

[John Drescher]

On 8/24/07, Daniel L. Miller [EMAIL PROTECTED] wrote:
 With only a Samba PDC, with everything defined in LDAP, is there any
 requirement for Winbind?

We have never used it in our samba PDC/LDAP environment however with
this setup the security dialog of windows does not correctly list the
groups who have permissions on each file or folder. For each object
regardless of the ACL we see only entries for Administrators, Everyone
 and Users.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind usage

[Chris Smith]

On Friday 24 August 2007, Daniel L. Miller wrote:
 With only a Samba PDC, with everything defined in LDAP, is there any
 requirement for Winbind?

I think the only reason to use it in this case (or even with a different 
passdb backend - any time when you are not authenticating against a Windows 
DC) is to absolutely distinguish between access from non-local domain member 
systems and local domain member systems.

From the Official HOWTO:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id412001

If the Samba server will be accessed from a domain other than the local Samba 
domain, or if there will be access from machines that are not local domain 
members, winbind will permit the allocation of UIDs and GIDs from the 
assigned pool that will keep the identity of the foreign user separate from 
users that are members of the Samba domain.

-- 
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind usage PDC and Domain menber ?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alban Browaeys wrote:

| Should winbind run on a PDC ?
| all account are supposed to exists on it or be managed
| via add user/ add machine
wionbindd on a Samba PDC is only needed if the PDC
has established trust relationships.
| Is winbind recommended on a multi file services network
| (SMB+NFS+AFS+etc) and when ACL are used:
| from various it seems not , winbind get the name only
| from the PDC and set a random id in the idmap, so id differs
| on pdc and menbers, also between menbers
This can be corrected using the ldap backend for
winbindd.  It's not really well documented I'm afraid.
| ps: and does running winbind on a PDC could get it to
| map the user to two id on it : one static created at account
| genesis and the other when the PDC use getpwnam , getting
| the libc to call teh local wibind . It depend on the order of
| the passwd attributes in /etc/nsswitch but
| waht if the admin setted winbind before compat (or unix) ?
If I understand you correctly the answer is no.
Think of of like this.  On a Samba PDC, smbd is
authoritative for its own domain accounts (which
must be UNIX users by definition) and winbindd is
used to provide UNIX accounts for users and groups
from trusted domains.
| I also had a difficult case with a domain menber
| (samba+winbind) where a local user had the same name
| as the domain one: with winbind use default domain
| set to yes a conflict arise , is there a rational
| behind this behing default ?
And yet another reason for me to hate that parameter

| For pam:
| is the winbind domain separator , only for local domain menber
| usage , or should it be setted up same on the PDC ?
I don't understand your question here.





cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ You can never go home again, Oatman, but I guess you can shop there.
~--John Cusack - Grosse Point Blank (1997)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/oYZ3IR7qMdg1EfYRAv31AKCCXzyDYwapiQLvkqXIN5vytnAExgCgrwAS
rgIX4qJr+caHW9/ka7rl33o=
=t1zz
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba