[Samba] AD domain member with sssd: any downside not running winbindd?

steve steve at steve-ss.com
Tue Jan 28 00:39:19 MST 2014


On Tue, 2014-01-28 at 09:37 +1300, Andrew Bartlett wrote:
> On Tue, 2014-01-21 at 18:47 +0100, steve wrote:
> > On Tue, 2014-01-21 at 15:00 -0200, Márcio Merlone wrote:
> > > Em 21-01-2014 14:03, steve escreveu:
> > > > On Tue, 2014-01-21 at 16:38 +0100, Sven Schwedas wrote:
> > > >> sssd is completely independent of winbindd. Iirc smbd needs winbindd
> > > >> (not sure about that), but if all you need is auth, winbindd is not
> > > >> necessary.
> > > > Hi
> > > > We have a smbd 4.1.3 file server with sssd for authentication, autofs
> > > > and rfc2307. winbindd is not running, nor does it figure in nss.
> > > >
> > > > Maybe you are thinking of samba?
> > > Big picture:
> > > I'm upgrading an old samba3+ldap server to samba4 ad, and have to deal 
> > > with my mail server, proxy, applications, etc authing on new samba. I'm 
> > > tailoring the best solution.
> > 
> > Winbind doesn't yet work properly: if you need rfc2307 over and above
> > just the uid:gid on the DC, you have to use sssd, nss-ldapd. . . winbind
> > won't do it.
> > HTH
> 
> The key point here is *on the DC*.  On the domain member server,
> winbindd still does all these things, just like it has for quite some
> time.  It is more of a pain to configure than I would like, but it can
> do it.
> 
> Andrew Bartlett
> 

Thank you. Common sense comments from a developer. Summary:
1. On the DC it doesn't work.
2. It is a pain to configure.
Cheers and thanks again,
Steve

 



More information about the samba mailing list