Updating Winbindd Privileged Socket Path
Matthew Newton
mcn at freeradius.org
Mon Jun 21 18:07:42 CEST 2021
On 21/06/2021 15:57, Alan DeKok wrote:
> It might work. https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
>
> ... Client tools must then be advised of the altered path with the WINBINDD_SOCKET_DIR environment variable.
I wasn't aware of that one - the code seems to have something slightly
different, "SELFTEST_WINBINDD_SOCKET_DIR", so maybe try that, too (but
from its name it sounds like its intended for internal use only):
https://git.samba.org/?p=samba.git;a=blob;f=nsswitch/wb_common.c;h=45c1969acc225bd699445caa26befd68b8164fae;hb=refs/heads/master#l405
But the documentation seems to indicate that it's not safe to use as not
everything will honour it. If ntlm_auth doesn't, then the wbclient code
should do as it uses the wb_common library stuff above. I'd be surprised
if ntlm_auth doesn't use the same client code though.
The only time I've done it before I build Samba twice with two different
paths, and called each one separately. That will work with ntlm_auth,
but not wbclient as you can't link FreeRADIUS against both versions.
The answer is pretty much "don't move the privileged socket location, or
if you do, rebuild Samba with a different location".
--
Matthew
More information about the Freeradius-Users
mailing list