nsswitch/winbindd question

Chong Yu Meng chongym at cymulacrum.net
Mon Oct 23 05:25:21 UTC 2006


On Sun, 2006-10-22 at 12:51 +0100, Anne Wilson wrote:

> I'm very confused about this.  I see those messages on both boxes that report.  
> On one winbind was running at level 5 - I've switched it off and disabled it 
> in chkconfig - but on the other it was not running at any level.
> 
> I looked at the /etc/nsswitch.conf, but again I didn't really know what it was 
> looking for, so I don't know whether it is set up right or not.  I'll post it 
> here if it helps.

My theory is more than a little rusty, but here's what I can remember
(and I'm sure someone will correct me if I am wrong):

For NT and Active Directory domains, computers (servers and
workstations) need to be added to the Primary Domain Controller (PDC),
which keeps an LDAP-like directory containing all the computers and
printers on the domain (Server Manager applet in NT4, IIRC). The PDC
runs a name service similar to DNS, and computers that are domain
members will contact the PDC whenever they need to locate a computer or
service, such as a printer. 

All this is handled more or less automatically by WinXP Pro and
Win2KPro. The problem is that Linux does not have that capability
natively. Samba provides that function for simple workgroup sharing, but
Winbind provides the additional functionality for joining a domain. 

Because PDCs provide a name service, Linux domain members can make use
of it by adding 'winbind' as another parameter in /etc/nsswitch.conf.
I'm not sure if it is mandatory as memory fails me on this. It may be,
because I recall having to run a couple of winbind utilities to retrieve
usernames, group names and computer names, which was necessary before
joining an NT4 domain. I remember a few years ago, reading quite a few
articles on Linux joining NT4 domains that omitted to mention those
details and I spent almost 2 weeks reading and trying different methods
till I got it right. 

Actually, what I have just described is probably an overly simplistic
view of Microsoft networking. Even domain configurations can vary quite
a lot, depending on how they are implemented, the number of computers and
the topology of your network. The PDC and BDC are still required, but
the experience in joining a computer to a domain and the number of hoops
you need to jump through can vary in many significant ways. 

Anyway, for your own intents and purposes, if you have no requirement to
join a Windows domain (lucky you!), then just disable winbind and check
that inside '/etc/nsswitch.conf' there is no 'winbind' parameter.

Regards,

-- 
Pascal Chong 
email:  chongym at cymulacrum.net 
web:    http://cymulacrum.net
pgp:    http://cymulacrum.net/pgp/cymulacrum.asc

"Science knows no borders because knowledge belongs to humanity,
and because it is the flame that illuminates the world."

-- Louis Pasteur
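
The check the message ends with (no 'winbind' entry left in /etc/nsswitch.conf), as an added example that is not part of the original post. The function names are hypothetical and the sample file is constructed; on a real host, call the functions without an argument to read /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: report which nsswitch.conf databases still list "winbind".

# Print one database name per line for every entry whose source list
# contains winbind. Argument: file to read (default /etc/nsswitch.conf).
winbind_databases() {
    awk '
        { sub(/#.*/, "") }                      # strip comments, also trailing ones
        {
            p = index($0, ":")
            if (p == 0) next                    # not a "database: sources" line
            db = substr($0, 1, p - 1)
            gsub(/[ \t]/, "", db)
            n = split(substr($0, p + 1), src, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (src[i] == "winbind") { print db; next }
        }
    ' "${1:-/etc/nsswitch.conf}"
}

# Return 0 when no database references winbind, 1 otherwise.
nsswitch_is_winbind_free() {
    found=$(winbind_databases "$1")
    if [ -n "$found" ]; then
        echo "winbind still referenced by:" $found >&2
        return 1
    fi
    return 0
}

# Constructed sample file, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# passwd: files winbind    (commented out, must be ignored)
passwd:     files winbind
shadow:     files
group:      files winbind   # trailing comment
hosts:      files dns
EOF
winbind_databases "$sample"
rm -f "$sample"
```

A match on a machine that is not a domain member means lookups for that database are still being routed to winbind even though the daemon is disabled.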

More information about the fedora-list mailing list