Hi, I am wondering the rationale behind this design decision. I am working on a small network using samba as the PDC/BDC with most workstation being Windows machine. With samba and the User Manager for domain, I can easily manage the user database from Windows. In addition to samba, I also run the mail server on it, this requires standard linux login. Initially, I thought the best would be using winbind so the same samba account can be used for all other unix activities too but found out that winbind would not return anything for its own domain. This make the above situation a bit complicated, I can still use nss_ldap/pam_ldap to make use of the same samba account(I use ldap backend anyway) but the setup is more complicated(need to do password sync through samba). So why not let winbind to return entries for its own domain as well then only one set of account needs to be dealt with the above situation ? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Gerald (Jerry) Carter
2005-May-07 16:18 UTC
[Samba] why limit winbind to trusted domain only ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gary ng wrote: | So why not let winbind to return entries for its own | domain as well then only one set of account needs to | be dealt with the above situation ? A Sam,ba DC is authoritative for its own domain which means that UNIX accounts must exists before the user or group can be added to the passdb backend. In this case winbindd running on a PDC is *not* authoritative for these accounts. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCfOpLIR7qMdg1EfYRAhl2AKDLyuRoAc6abUNAreb1JOfs+RId0ACg4jc+ 7qS3zpNExaNd69b9MfRfQHY=Okqt -----END PGP SIGNATURE-----