Hello!
I've been running a custom hacked samba 3.0rc1 to get winbindd to bind every
SID
simply to what getpwent returns as the UID.
The newest versions of samba seem to support the possibility to have
winbindd to use /etc/passwd and /etc/group as the storage backend.
So basically what I need is that each time samba wants to know the SID of the
username "joe" it would just query the SID of "DOMAIN\joe"
from the AD server.
Similarly each time samba wants to know the UID for "DOMAIN\joe" it
would
simply call getpwent for "joe" to get the UID. My patch does this, but
I don't
have anything caching the results so samba does loads of queries to the AD
server.
The thing is that I don't want winbindd to touch the local password
database, I
just want it to search there. If it doesn't find a UID for a specific
windows
user, it should simply return an error, not add a new user. The thing is that
the userdatabase isn't local, it uses an LDAP backend via nsswitch, so
winbindd
would only cause lots of trouble if it would try to tamper the local files.
Can samba do this now? What is interesting here is that this is logically much
much more simpler than having conversion algorithms and using tables and stuff
like that. The reason why everything works this way is that we have both unix
and windows servers and desktops and each share the same users. The users are
really stored on a windows server, but we use nssldap and ad4unix to manually
give an UID to users that require unix access.
The point is that I don't need winbindd to do anything, but it seems like I
have to run it to get AD to work.
Regards,
Edvard Fagerholm
