[Samba] AD domain member with sssd: any downside not running winbindd?

Andrew Bartlett abartlet at samba.org
Mon Jan 27 13:37:29 MST 2014


On Tue, 2014-01-21 at 18:47 +0100, steve wrote:
> On Tue, 2014-01-21 at 15:00 -0200, Márcio Merlone wrote:
> > Em 21-01-2014 14:03, steve escreveu:
> > > On Tue, 2014-01-21 at 16:38 +0100, Sven Schwedas wrote:
> > >> sssd is completely independent of winbindd. Iirc smbd needs winbindd
> > >> (not sure about that), but if all you need is auth, winbindd is not
> > >> necessary.
> > > Hi
> > > We have a smbd 4.1.3 file server with sssd for authentication, autofs
> > > and rfc2307. winbindd is not running, nor does it figure in nss.
> > >
> > > Maybe you are thinking of samba?
> > Big picture:
> > I'm upgrading an old samba3+ldap server to samba4 ad, and have to deal 
> > with my mail server, proxy, applications, etc authing on new samba. I'm 
> > tailoring the best solution.
> 
> Winbind doesn't yet work properly: if you need rfc2307 over and above
> just the uid:gid on the DC, you have to use sssd, nss-ldapd. . . winbind
> won't do it.
> HTH

The key point here is *on the DC*.  On the domain member server,
winbindd still does all these things, just like it has for quite some
time.  It is more of a pain to configure than I would like, but it can
do it.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list