Re: Disable winbindd?

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMCraig White at <-
MCraig White at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
To: Main PLUG discussion list
Subject: Re: Disable winbindd?
On Fri, 2008-10-03 at 14:47 -0700, Eric Shubert wrote:
> Alan Dayley wrote:
> > On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert <> wrote:
> >> What you describe sounds nonsensical to me. Sounds like you want to use
> >> Linux authentication in addition to a windows domain controller. That'd be
> >> like trying to use 2 different domain controllers together. I don't see how
> >> you can keep your windows DC and still have samba do authentication separate
> >> from that (unless you do peer-to-peer type authentication, which would be
> >> security = share). I think samba is designed to either work independently
> >> (entirely), or work together with a domain controller. I could be wrong
> >> though (it's been known to happen). ;)
> >>
> >> You might want to read up on samba server types:
> >> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html
> >
> > Maybe what we need to do cannot be done with Samba, which I am willing
> > to entertain.
> >
> > We have a certain class of business data that must be completely
> > restricted from all but a specific list of users. For specific
> > reasons the restricted people include the IT department. If
> > authentication of users is controlled by the domain controller, the IT
> > department has indirect control over the data. So this share cannot
> > have authentication by the domain.
> >
> > (I'm ignoring the fact that SMB is not a secure data protocol over the
> > wire. That is very important but, for the moment, is being
> > selectively ignored.)
> >
> > So we want the Samba server to be a stand-alone server. Each allowed
> > user will have a Linux user defined on the server. When a user wants
> > to get to the data, they connect to "\\SpecialServer\restricted",
> > enter their Linux user ID and password and connect to the share.
> >
> > Are you saying this operational configuration is not possible or just
> > a bad idea?
>
> Sounds like it'd be possible using Share-Level Security "security = share".
> See
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
>
----
NO - don't use security = share

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Disable winbindd?Re: Disable winbindd?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)