[Samba] samba4 and sssd and user mapping

Rowland Penny rowlandpenny at googlemail.com
Mon Jan 27 07:26:17 MST 2014

On 27/01/14 13:50, Björn JACKE wrote:
> On 2014-01-26 at 12:40 +0100 steve sent off:
>> Winbind and sssd do exactly the same job. Choose whichever one you feel
>> happy with.
> read the previous mails, sssd and winbind do not do the same job, especially
> not in smbd file/print server setups.

Could you please explain just how winbind differs from sssd as you seem 
to know the differences, also could you explain your definition of a smb 
file/print server???

>>> sssd supports user authentication for the pam stack nicely but this is not what
>>> smbd needs.
>> winbind also needs to be included in your pam configuration. smbd works
>> perfectly on a member server with both nss and pam controlled by sssd.
> you are talking about completely different setups here. A smbd
> file/print server does not use pam at all.

So how does smbd get its authentication then in an AD domain?

>> sssd does not need winbind running. You must NOT run winbindd together
>> with sssd. sssd is a substitute for winbindd. Use one or the other.
> nobody said that sssd needs winbind. *smbd* needs winbind to get the idmapping
> with domain users right.
Ah, I think I see a chink of light here, idmapping! mapping a unix group 
to a windows group, so you are inferring that you must use winbind for 
this to happen.


> Björn

More information about the samba mailing list