> Message: 10
> From: "Drash, Jim [NCSUS]" <JDrash@EESUS.JNJ.com>
> To: "'samba@lists.samba.org'"
<samba@lists.samba.org>
> Date: Mon, 5 Aug 2002 09:19:14 -0400
> Subject: [Samba] samba pdc and winbindd on same server?
> If this question has been asked and answered, I am sorry but I searched
and
> could not find it.
>
> Is it possible to have a samba PDC on the same server as a winbindd
pointing
> to that samba PDC.
Not if the samba PDC is running 2.2.x, it should be possible (but not
necessarily desireable) in 3.0 (or current HEAD cvs).
> The reason I want to do this is that I want the
> capability winbindd provides for a single sign on for things UNIX and the
> samba PDC for all things Windows. I don't want to have to run two
boxes (if
> I don't have to) to get these functions.
But this isn't the only option, and it prevents you from doing some
things. For example, you have no guarantee of users having the same uid
between machines, so you can't use NFS.
You can do one of a few things:
1) Use pam_smb and nss_ldap on the clients, LDAP server to hold user
details.
2) Have samba store it's passwords in LDAP, and use "pam password
change
= yes" do password changes via pam_ldap, so you auth by pam_ldap and
nss_ldap
3) Combinations of the two.
We are migrating towards LDAP, so we currently have most things auth via
pam_smb and pam_ldap, user/group enumeration was by sync'ed
password/group files, but has been LDAP for a while.
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7