Disable winbindd?

[Eric Shubert]

Craig White wrote:
> On Fri, 2008-10-03 at 15:48 -0700, Eric Shubert wrote:
>> Craig White wrote:
> 
>>>>> Are you saying this operational configuration is not possible or just
>>>>> a bad idea?
>>>> Sounds like it'd be possible using Share-Level Security "security = share".
>>>> See
>>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
>>>>
>>> ----
>>> NO - don't use security = share
>>>
>>> Craig
>>>
>> I don't think would, Craig.
>>
>> Question though, is how does one use samba authentication (aka standalone
>> server with separate authentication) while already logged into a windoze domain?
> ----
> Yes, Windows domain authentication is designed to give a single-sign-on
> authentication method and if the samba server is not connected to the
> domain either via security = [server | ads ] or via winbind, it's going
> to be a bit confused of a setup.
> 
> If the samba server is not joined to the domain, then I would set the
> workgroup of that samba server to something other than the Windows
> domain and set security = user and then each user would have to
> authenticate to it separately as the domain credentials would be
> meaningless. Sort of like having a Windows XP Home system which is also
> not capable of participating in a Windows Domain security model.
> 
> I have on occasion resorted to stupid dos command line scripts to
> connect Windows XP Home systems like this (from memory, please verify)
> 
> net use f: \\SERVER_NAME\SHARE /USER:SAMBA_USER_NAME
> 
> and it will prompt for the password and that script can be put into
> 'Startup' to execute on login.
> 
> Also, managing users/groups separately is another burden as now you
> would have at least two places to maintain when adding/deleting users
> and groups.
> 
> Craig
> 

I suspect for this scenario you'd also want to use
        domain master = no
        domain logons = no
in the configuration, yes?

-- 
-Eric 'shubes'