[Samba] Samba4 changing a user's password from linux workstation
Rowland Penny
rpenny at samba.org
Tue May 14 13:58:50 UTC 2019
On 14/05/2019 14:35, Luc Lalonde wrote:
> Hello Rowland,
>
> We’ve been using SSSD with Active Directory for a few years now… It’s
> been solid for us.
I never said it wasn't solid (possibly because it is built on top of
some of the winbind code), I just said that you do not need it.
>
> Our Linux clients use the AD-Kerberos via SSSD for secure NFS4 mounts
> with POSIX attributes defined in AD
> (uidNumber, gidNumber, unixHomeDirectory, loginShell).
Funnily enough, you can do all of the above with winbind.
>
> Before putting into production, I tested using Winbind and could not
> get it to do what I wanted. If I remember correctly, I had problems
> with groups. I didn’t want DOMAIN\groupname… just groupname to
> show. I don’t remember why this was causing me problems… just that
> this was the main reason.
You mean something like this:
getent group Domain\ Users
domain users:x:10000:testuser,user27,saducuser,testuser2,sudouser,user26,swanadmin,ktestuser,testuser1,example$,kte.....
If it didn't work for you, then your smb.conf was mis-configured.
>
> At the time, I found that the documentation for integrating AD with
> Linux was best documented… in particular at RedHat:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/summary-direct
>
> They give further reasons for choosing SSSD over Winbind in that document.
>
That just basically says 'Hey, use our product', it doesn't really say
why and just how sssd is better than winbind.
You do not need either sssd or realmd, just about the only thing that
sssd can do that winbind cannot do, is cache sudo rules, I think you
will find that if you need cached sudo rules, you have much bigger
problems. As for realmd, a bit of bash and 'net ads join' will do the same.
But hey, it is your computer, you use what you want, just don't expect
to get help with non Samba products here.
Rowland