[Samba] Using samba4 with AD and rfc2307 - what are the *current* practices?

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 12 12:02:52 MST 2013

On 12/12/13 15:29, Michael Brown wrote:
> On 13-12-12 03:15 AM, L.P.H. van Belle wrote:
>> and remember sssd is NOT compatibele with sernet samba.
>> Just a reminder..
> Can someone suggest a better place then to get up-to-date packages for 
> various distros?
> On 13-12-12 03:12 AM, steve wrote:
>> winbind doesn't work on the DC. To do what you wish to do, add:
>> uidNumber: 1234567
>> to the DN of Administrator and use sssd or nslcd to extract the
>> information _directly_ from AD. Same on your remote client.
>> There are Samba4 howtos for sssd and nslcd.
> After thinking about it, it doesn't seem that going via sssd will 
> solve any of the problems I've listed.
> I'll still need to setup id mapping so that incoming connections (SMB, 
> etc) get mapped to the correct user. So I'll still need all the id 
> mapping stuff.
> Or is Samba smart enough to recognize that 'michael' or 'MAIN+michael' 
> is the same as the system user 'michael' and just use the system 
> user's uid/gid/etc?

This is confusing me, (yes I know, it doesn't take much) when you say 
'system user' do you mean a Linux user that is found in /etc/passwd?
If the answer to that is yes, then I am sorry, you cannot have the same 
username as a local user and a domain user, but you can use a domain 
user as a local user by joining the linux machine to the domain.

> What about the case where I don't have 'use default domain' turned on 
> and have multiple domains?
> M.

More information about the samba mailing list