Disable winbindd?

Eric Shubert ejs at shubes.net
Fri Oct 3 14:47:34 MST 2008


Alan Dayley wrote:
> On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert <ejs at shubes.net> wrote:
>> What you describe sounds nonsensical to me. Sounds like you want to use
>> Linux authentication in addition to a windows domain controller. That'd be
>> like trying to use 2 different domain controllers together. I don't see how
>> you can keep your windows DC and still have samba do authentication separate
>> from that (unless you do peer-to-peer type authentication, which would be
>> security = share). I think samba is designed to either work independently
>> (entirely), or work together with a domain controller. I could be wrong
>> though (it's been known to happen). ;)
>>
>> You might want to read up on samba server types:
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html
> 
> Maybe what we need to do cannot be done with Samba, which I am willing
> to entertain.
> 
> We have a certain class of business data that must be completely
> restricted from all but a specific list of users.  For specific
> reasons the restricted people include the IT department.  If
> authentication of users is controlled by the domain controller, the IT
> department has indirect control over the data.  So this share cannot
> have authentication by the domain.
> 
> (I'm ignoring the fact that SMB is not a secure data protocol over the
> wire.  That is very important but, for the moment, is being
> selectively ignored.)
> 
> So we want the Samba server to be a stand-alone server.  Each allowed
> user will have a Linux user defined on the server.  When a user wants
> to get to the data, they connect to "\\SpecialServer\restricted",
> enter their Linux user ID and password and connect to the share.
> 
> Are you saying this operational configuration is not possible or just
> a bad idea?

Sounds like it'd be possible using Share-Level Security "security = share".
See
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417


> BTW, the designer of the SWAT UI needs a lesson in preventing
> disasters!  The select a share drop-down button is pixels away from
> the DELETE button (See attached)!  (Backup /etc/samba/smb.conf before
> you start!)
> 

Ha!

-- 
-Eric 'shubes'



More information about the PLUG-discuss mailing list