samba - Oct 2001 - What is WinBind and how does it work?

I have a requirement to share a few UNIX file systems with a large group of
NT based users. These users do not require write access to the file systems
and ideally should not have UNIX access ( telnet or ftp ).

On Mon, 22 Oct 2001, Orwig, Paul wrote:
> I have a requirement to share a few UNIX file systems with a large group of
> NT based users. These users do not require write access to the file systems
> and ideally should not have UNIX access ( telnet or ftp ).
>
> From what I have been able to see from what documentation there is, this
can
> be handled with winbind. However I cannot get a clear picture of how it
> works, nor of how it is implemented.
>
> Could someone please clear the fog for me?
Okay samba (smbd and nmbd) are the applications/daemons that allow file
sharing via the SMB protocol.  This will allow you access to your files from a
winxx box.
Winbindd is a network account sharing/authentication daemon.  It is used (on
supported system) to make NT account s visible to the UNIX system
transparently.  I find it helps me to think about it like NIS.

You have a NIS server where accounts are created and you have UNIX clients that
pulls the usernames from the server to make them appear locally.
You have a NT server where accounts are created and you have UNIX client
(winbindd) that pulls the usernames from the server to make them appear locally.

This is not the most technically correct explanation, but it may help clarify
things for you.

In the situation you describe I don't believe that you need winbindd.
You _should_ be able to run samba on the HPUX box and create a guest read-only
share.  Then the NT clients will be able to read those files but NOT right to
them and the will certainly NOT have any local UNIX permissions.

To be honest with you I have never setup this type of share, but I fairly
certain that it will be documented on the samba website and in the
mailing-list archives.

HTH

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */

Thanks that helps a little. I'm still unclear where the PAM module is used.
Is it necessary for Windows access or only for UNIX logins?

We discussed using a generic share, however the data is extremely sensitive
and we need to limit access to only those who require it.

Paul Orwig
Pacific Life

-----Original Message-----
From: Anthony J. Breeds-Taurima [mailto:tony@cantech.net.au]
Sent: Monday, October 22, 2001 6:24 PM
To: Orwig, Paul
Cc: 'samba@lists.samba.org'
Subject: Re: What is WinBind and how does it work?


On Mon, 22 Oct 2001, Orwig, Paul wrote:
> I have a requirement to share a few UNIX file systems with a large group
of
> NT based users. These users do not require write access to the file
systems
> and ideally should not have UNIX access ( telnet or ftp ).
>
> From what I have been able to see from what documentation there is, this
can
> be handled with winbind. However I cannot get a clear picture of how it
> works, nor of how it is implemented.
>
> Could someone please clear the fog for me?
Okay samba (smbd and nmbd) are the applications/daemons that allow file
sharing via the SMB protocol.  This will allow you access to your files from
a
winxx box.
Winbindd is a network account sharing/authentication daemon.  It is used (on
supported system) to make NT account s visible to the UNIX system
transparently.  I find it helps me to think about it like NIS.

You have a NIS server where accounts are created and you have UNIX clients
that
pulls the usernames from the server to make them appear locally.
You have a NT server where accounts are created and you have UNIX client
(winbindd) that pulls the usernames from the server to make them appear
locally.

This is not the most technically correct explanation, but it may help
clarify
things for you.

In the situation you describe I don't believe that you need winbindd.
You _should_ be able to run samba on the HPUX box and create a guest
read-only
share.  Then the NT clients will be able to read those files but NOT right
to
them and the will certainly NOT have any local UNIX permissions.

To be honest with you I have never setup this type of share, but I fairly
certain that it will be documented on the samba website and in the
mailing-list archives.

HTH

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */