[Samba] AD domain member with sssd: any downside not running winbindd?

Björn JACKE bj at SerNet.DE
Mon Jan 27 06:07:46 MST 2014


Hi Márcio,

On 2014-01-21 at 15:00 -0200 Márcio Merlone sent off:
> Big picture:
> I'm upgrading an old samba3+ldap server to samba4 ad, and have to
> deal with my mail server, proxy, applications, etc authing on new
> samba. I'm tailoring the best solution.

For servers that are not member servers, e.g. smbd is acting as file or print
server, you can use sssd instead of winbind. As soon as you want to
use smbd as file/print server, you need winbind for proper operation
and for a supported setup. ID mapping, e.g. SIDs to POSIX IDs, will not
be translated properly otherwise. Different to what other users on this list
tell you, you are also able to use the rfc2307 attributes from AD, see
winbind nss info from the smb.conf man page for that. Once more: on a Samba
member server running winbind is the only setup supported by the Samba team.

Björn
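
Added example, not part of the original mail: a minimal smb.conf [global] section for a domain member that runs winbind and reads the rfc2307 attributes from AD, as the reply describes. The domain name EXAMPLE, the realm and both ID ranges are constructed placeholders.

```ini
[global]
    # Join type: member of an Active Directory domain
    security = ads
    workgroup = EXAMPLE              ; placeholder NetBIOS domain name
    realm = EXAMPLE.INTERNAL         ; placeholder Kerberos realm

    # Default domain (BUILTIN, local accounts): IDs allocated locally
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999          ; constructed range

    # AD domain: take uidNumber/gidNumber from the rfc2307 attributes,
    # so SIDs map to the same POSIX IDs on every member server
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    idmap config EXAMPLE : range = 10000-999999 ; constructed, must not overlap the range above

    # Home directory and login shell also come from the rfc2307 attributes
    winbind nss info = rfc2307
```

Only accounts whose uidNumber or gidNumber falls inside the configured range are mapped; winbindd has to be running next to smbd, and the passwd and group lines in /etc/nsswitch.conf need the winbind source.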