[Samba] samba4 and sssd and user mapping

steve steve at steve-ss.com
Mon Jan 27 10:56:51 MST 2014

On Mon, 2014-01-27 at 15:39 +0100, Volker Lendecke wrote:
> On Mon, Jan 27, 2014 at 02:26:17PM +0000, Rowland Penny wrote:
> > >you are talking about completely different setups here. A smbd
> > >file/print server does not use pam at all.
> > 
> > So how does smbd get its authentication then in an AD domain?
> Look at "wbinfo -a". This exactly simulates what smbd is
> doing. Forward the authentication credentials to AD.
> Alternatively, if Kerberos is used, smbd and winbind
> communicate via the netsamlogon_cache.tdb. smbd puts the
> windows authorization information into that file, winbind
> then retrieves it from there when nss information is being
> asked for. I'm not sure sssd does that the same way.
> Volker

Well, thanks. But no thanks. That's not enough to convince us to even
think about winbind as a substitute for sssd on our 600-user, 80-machine
domain, especially since winbind on the DC simply does not work.
Thanks again. Please could you give real hands-on reasons that those of
us who are not developers would understand?

What you are saying is very worrying for us. In 8 months of production
with Samba4 and sssd throughout the domain we have never had the
slightest problem with the latter. Are we ever likely to see what you
are mentioning as an error which would bring us to a standstill or slow
us down? That sssd does not do something in the same way? If not, could
you please tell us how we could force the error? We would then consider
switching to winbind.

Cheers and thanks for your help.
