[Samba] samba4 and sssd and user mapping
Volker.Lendecke at SerNet.DE
Mon Jan 27 12:50:31 MST 2014
On Mon, Jan 27, 2014 at 06:56:51PM +0100, steve wrote:
> On Mon, 2014-01-27 at 15:39 +0100, Volker Lendecke wrote:
> > On Mon, Jan 27, 2014 at 02:26:17PM +0000, Rowland Penny wrote:
> > > >you are talking about completely different setups here. A smbd
> > > >file/print server does not use pam at all.
> > >
> > > So how does smbd get its authentication then in an AD domain?
> > Look at "wbinfo -a". This exactly simulates what smbd is
> > doing. Forward the authentication credentials to AD.
> > Alternatively, if kerberos is used, smbd and winbind
> > communicate via the netsamlogon_cache.tdb. smbd puts the
> > windows authorization information into that file, winbind
> > then retrieves it from there when nss information is being
> > asked for. I'm not sure sssd does that the same way.
> > Volker
> Well, thanks. But no thanks. That's not enough to convince us to even
> think about winbind as a substitute for sssd on our 600 user 80 machine
> domain, especially since winbind on the DC simply does not work.
> Thanks again. Please could you give real hands on reasons that those of
> us who are not developers would understand?
> What you are saying is very worrying for us. In 8 months of production
> with Samba4 and sssd throughout the domain we have never had the
> slightest problem with the latter. Are we ever likely to see what you
> are mentioning as an error which would bring us to a standstill or slow
> us down? That sssd does not do something in the same way? If not, could
> you please tell us how we could force the error? We would then consider
> switching to winbind.
This very much depends on your environment and user/group
structure. If your environment is such that sssd can do what
you want, feel free to use it.
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba