SELinux attributes in Samba domain
rpenny at samba.org
Tue Sep 15 11:50:52 UTC 2020
On 15/09/2020 12:08, Mikhail Novosyolov wrote:
> 15 сентября 2020 г. 10:10:32 GMT+03:00, Rowland penny via samba-technical <samba-technical at lists.samba.org> пишет:
>> Your problem will come with sssd, it isn't supported by Samba (because
>> we do not produce it and no little about it) and even Red-Hat no longer
>> supports it use with Samba.
> What is the problem to use sssd as a client to enroll into Samba AD domain?
Before Samba 4.8.0 , the smbd deamon could contact AD directly, this
meant you could use sssd with Samba, instead of using winbind. From
Samba 4.8.0, if 'security = ADS' is set in smb.conf, smbd must contact
winbind, it can no longer contact AD directly. You cannot install sssd
and winbind together, they both have their own versions of the winbind libs.
If you want to extend the schema to store selinux data, then this should
be possible (you just need the correct .ldif), but you would then need
a tool to extract them from AD.
More information about the samba-technical