On Sun, 2006-10-22 at 12:51 +0100, Anne Wilson wrote:
> I'm very confused about this. I see those messages on both boxes that report.
> On one winbind was running at level 5 - I've switched it off and disabled it
> in chkconfig - but on the other it was not running at any level.
>
> I looked at the /etc/nsswitch.conf, but again I didn't really know what it was
> looking for, so I don't know whether it is set up right or not. I'll post it
> here if it helps.

My theory is more than a little rusty, but here's what I can remember (and I'm sure someone will correct me if I am wrong):

For NT and Active Directory domains, computers (servers and workstations) need to be added to the Primary Domain Controller (PDC), which keeps an LDAP-like directory containing all the computers and printers on the domain (Server Manager applet in NT4, IIRC). The PDC runs a name service similar to DNS, and computers that are domain members will contact the PDC whenever they need to locate a computer or service, such as a printer. All this is handled more or less automatically by WinXP Pro and Win2KPro.

The problem is that Linux does not have that capability natively. Samba provides that function for simple workgroup sharing, but Winbind provides the additional functionality for joining a domain.

Because PDCs provide a name service, Linux domain members can make use of it by adding 'winbind' as another parameter in /etc/nsswitch.conf. I'm not sure if it is mandatory as memory fails me on this. It may be, because I recall having to run a couple of winbind utilities to retrieve usernames, group names and computer names, which was necessary before joining an NT4 domain.

I remember a few years ago, reading quite a few articles on Linux joining NT4 domains that omitted to mention those details and I spent almost 2 weeks reading and trying different methods till I got it right.

Actually, what I have just described is probably an overly simplistic view of Microsoft networking. Even domain configurations can vary quite a lot, depending on how they are implemented, the number of computers and the topology of your network. The PDC and BDC are still required, but the experience in joining a computer to a domain and the number of hoops you need to jump through can vary in many significant ways.

Anyway, for your own intents and purposes, if you have no requirement to join a Windows domain (lucky you!), then just disable winbind and check that inside '/etc/nsswitch.conf' there is no 'winbind' parameter.

Regards,
--
Pascal Chong
email: chongym@xxxxxxxxxxxxxx
web: http://cymulacrum.net
pgp: http://cymulacrum.net/pgp/cymulacrum.asc

"Science knows no borders because knowledge belongs to humanity, and because it is the flame that illuminates the world."
-- Louis Pasteur
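The nsswitch.conf check suggested at the end of the message, as an added example that is not part of the original post: it lists which databases still name winbind as a source, skipping commented-out lines. The function names (`winbind_dbs`, `nsswitch_clean`, `write_sample`) and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find nsswitch.conf databases that still consult winbind.

# Print each database (passwd, group, hosts, ...) whose source list names
# winbind. Text after "#" is ignored, so a disabled line is not reported,
# and action items such as [NOTFOUND=return] never match.
winbind_dbs() {
    awk '
        { sub(/#.*/, "") }                   # drop comments
        {
            colon = index($0, ":")
            if (colon == 0) next             # not a "database: sources" line
            db = substr($0, 1, colon - 1)
            gsub(/[ \t]/, "", db)
            n = split(substr($0, colon + 1), src, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (src[i] == "winbind") { print db; break }
        }
    ' "$1"
}

# Return 0 when no database references winbind, 1 otherwise.
nsswitch_clean() {
    dbs=$(winbind_dbs "$1")
    if [ -n "$dbs" ]; then
        echo "winbind still referenced for:" $dbs
        return 1
    fi
    echo "no winbind entries in $1"
}

# Constructed sample file (not taken from the thread).
write_sample() {
    cat > "$1" <<'EOF'
passwd:     files winbind
shadow:     files
group:      files winbind
#hosts:     files winbind dns
hosts:      files dns   # winbind removed
netgroup:   nisplus [NOTFOUND=return] files
EOF
}

sample=$(mktemp)
write_sample "$sample"
nsswitch_clean "$sample" || true   # reports passwd and group
rm -f "$sample"
```

On a real machine, `nsswitch_clean /etc/nsswitch.conf` performs the same check against the live file.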