[Samba] samba4 + LDAP

steve steve at steve-ss.com
Wed Oct 23 02:43:15 MDT 2013

> I've looked at
> http://wiki.samba.org/index.php/Local_user_management_and_authentication/sss
> d
> strange, seems to need a special account in our LDAP service, IS THIS TRUE ?
> or is there a way to continue with SSSD + PAM without changing anything in
> our LDAP service ?

Yes. You do not need any special account to run sssd or change from
winbind to sssd. What you may have seen is the need for a key to
authenticate to AD if you decide to go with gssapi auth. for sssd. Any
key will work. Quite often you have the MACHINE$ key in the keytab.
That's fine.

sssd simplifies pam by having just one module. This replaces the winbind
and krb5 modules. Unfortunately, many distros don't cater for this so
it's worth checking common-auth if things are not working after you
install sssd.


More information about the samba mailing list