[Samba] AD domain member with sssd: any downside not running winbindd?

Rowland Penny rowlandpenny at googlemail.com
Mon Jan 27 14:11:10 MST 2014

On 27/01/14 20:37, Andrew Bartlett wrote:
> On Tue, 2014-01-21 at 18:47 +0100, steve wrote:
>> On Tue, 2014-01-21 at 15:00 -0200, Márcio Merlone wrote:
>>> Em 21-01-2014 14:03, steve escreveu:
>>>> On Tue, 2014-01-21 at 16:38 +0100, Sven Schwedas wrote:
>>>>> sssd is completely independent of winbindd. Iirc smbd needs winbindd
>>>>> (not sure about that), but if all you need is auth, winbindd is not
>>>>> necessary.
>>>> Hi
>>>> We have a smbd 4.1.3 file server with sssd for authentication, autofs
>>>> and rfc2307. winbindd is not running, nor does it figure in nss.
>>>> Maybe you are thinking of samba?
>>> Big picture:
>>> I'm upgrading an old samba3+ldap server to samba4 ad, and have to deal
>>> with my mail server, proxy, applications, etc authing on new samba. I'm
>>> tailoring the best solution.
>> Winbind doesn't yet work properly: if you need rfc2307 over and above
>> just the uid:gid on the DC, you have to use sssd, nss-ldapd. . . winbind
>> won't do it.
>> HTH
> The key point here is *on the DC*.  On the domain member server,
> winbindd still does all these things, just like it has for quite some
> time.  It is more of a pain to configure than I would like, but it can
> do it.
> Andrew Bartlett
At last a dev that admits that winbind is a pain to configure, yes I 
know winbind can do what it is supposed to do but I personally ( I will 
say that again) I personally think that it needs to be made easier, does 
the administrator really need to think about the BUILTIN users for 
instance, could the ranges not be allocated automatically, in fact 
couldn't anything be done to make the set up easier.


More information about the samba mailing list