Disable winbindd?

Craig White craigwhite at azapple.com
Fri Oct 3 15:08:01 MST 2008


On Fri, 2008-10-03 at 14:47 -0700, Eric Shubert wrote:
> Alan Dayley wrote:
> > On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert <ejs at shubes.net> wrote:
> >> What you describe sounds nonsensical to me. Sounds like you want to use
> >> Linux authentication in addition to a windows domain controller. That'd be
> >> like trying to use 2 different domain controllers together. I don't see how
> >> you can keep your windows DC and still have samba do authentication separate
> >> from that (unless you do peer-to-peer type authentication, which would be
> >> security = share). I think samba is designed to either work independently
> >> (entirely), or work together with a domain controller. I could be wrong
> >> though (it's been known to happen). ;)
> >>
> >> You might want to read up on samba server types:
> >> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html
> > 
> > Maybe what we need to do cannot be done with Samba, which I am willing
> > to entertain.
> > 
> > We have a certain class of business data that must be completely
> > restricted from all but a specific list of users.  For specific
> > reasons the restricted people include the IT department.  If
> > authentication of users is controlled by the domain controller, the IT
> > department has indirect control over the data.  So this share cannot
> > have authentication by the domain.
> > 
> > (I'm ignoring the fact that SMB is not a secure data protocol over the
> > wire.  That is very important but, for the moment, is being
> > selectively ignored.)
> > 
> > So we want the Samba server to be a stand-alone server.  Each allowed
> > user will have a Linux user defined on the server.  When a user wants
> > to get to the data, they connect to "\\SpecialServer\restricted",
> > enter their Linux user ID and password and connect to the share.
> > 
> > Are you saying this operational configuration is not possible or just
> > a bad idea?
> 
> Sounds like it'd be possible using Share-Level Security "security = share".
> See
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
> 
----
NO - don't use security = share

Craig



More information about the PLUG-discuss mailing list