SELinux attributes in Samba domain

Rowland penny rpenny at
Tue Sep 15 11:50:52 UTC 2020

On 15/09/2020 12:08, Mikhail Novosyolov wrote:
> 15 сентября 2020 г. 10:10:32 GMT+03:00, Rowland penny via samba-technical <samba-technical at> пишет:
>> Your problem will come with sssd, it isn't supported by Samba (because
>> we do not produce it and no little about it) and even Red-Hat no longer
>> supports it use with Samba.
> What is the problem to use sssd as a client to enroll into Samba AD domain?

Before Samba 4.8.0 , the smbd deamon could contact AD directly, this 
meant you could use sssd with Samba, instead of using winbind. From 
Samba 4.8.0, if 'security = ADS' is set in smb.conf, smbd must contact 
winbind, it can no longer contact AD directly. You cannot install sssd 
and winbind together, they both have their own versions of the winbind libs.

If you want to extend the schema to store selinux data, then this should 
be possible (you just need the correct .ldif), but you would then need  
a tool to extract them from AD.


More information about the samba-technical mailing list