Re: Disable winbindd?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MCraig White at <-
MAlan Dayley at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Shubert
Date:  
To: plug-discuss
Subject: Re: Disable winbindd?
Craig White wrote:
> On Fri, 2008-10-03 at 14:47 -0700, Eric Shubert wrote:
>> Alan Dayley wrote:
>>> On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert <> wrote:
>>>> What you describe sounds nonsensical to me. Sounds like you want to use
>>>> Linux authentication in addition to a windows domain controller. That'd be
>>>> like trying to use 2 different domain controllers together. I don't see how
>>>> you can keep your windows DC and still have samba do authentication separate
>>>> from that (unless you do peer-to-peer type authentication, which would be
>>>> security = share). I think samba is designed to either work independently
>>>> (entirely), or work together with a domain controller. I could be wrong
>>>> though (it's been known to happen). ;)
>>>>
>>>> You might want to read up on samba server types:
>>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html
>>> Maybe what we need to do cannot be done with Samba, which I am willing
>>> to entertain.
>>>
>>> We have a certain class of business data that must be completely
>>> restricted from all but a specific list of users. For specific
>>> reasons the restricted people include the IT department. If
>>> authentication of users is controlled by the domain controller, the IT
>>> department has indirect control over the data. So this share cannot
>>> have authentication by the domain.
>>>
>>> (I'm ignoring the fact that SMB is not a secure data protocol over the
>>> wire. That is very important but, for the moment, is being
>>> selectively ignored.)
>>>
>>> So we want the Samba server to be a stand-alone server. Each allowed
>>> user will have a Linux user defined on the server. When a user wants
>>> to get to the data, they connect to "\\SpecialServer\restricted",
>>> enter their Linux user ID and password and connect to the share.
>>>
>>> Are you saying this operational configuration is not possible or just
>>> a bad idea?
>> Sounds like it'd be possible using Share-Level Security "security = share".
>> See
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
>>
> ----
> NO - don't use security = share
>
> Craig
>

I don't think would, Craig.

Question though, is how does one use samba authentication (aka standalone
server with separate authentication) while already logged into a windoze domain?

--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Disable winbindd?Re: Disable winbindd?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)