[Samba] Manage unix users from AD

steve steve at steve-ss.com
Tue Jan 28 09:58:08 MST 2014

On Tue, 2014-01-28 at 14:36 -0200, Márcio Merlone wrote:
> Em 28-01-2014 14:23, mourik jan heupink escreveu:
> >>>> Consider a network with about 200+ employees, most of them windows
> >>>> users.
> >>>> It happens that one needs to provide other non-windows services like
> >>>> e-mail, proxy and many others to them, running on other linux servers.
> > We are running a network exactly like that.  In the samba3 days (one 
> > PDC, openldap backend) we did not need winbind, never used it, no 
> > complaints.
> > I am now testing samba4, and need (like we did in samba3/openldap) my 
> > users to be linux and windows. We have one realm/domain, all users 
> > have posix attributes.
> I am still considering a dual auth-database and keep an OpenLDAP tree 
> for unix-only users, like ftp and daemons accounts - bacula, munin, 
> dovecot, etc, etc, etc.
> > I was planning to have two (DC only) DC's, both virtualised, and two 
> > fileservers. 
> Why two? Fail-over?
> > It seems now (having read all discussion recently on sssd/winbind) in 
> > samba4 we DO need winbind?
> Wait! Is there a chance not to? Please, tell me if you find.... :)

All I can do is reiterate that in all our 8 months of production with a
Samba4 domain, we have NEVER used winbind. The only place where we have
no choice of it running is on the DC, where it does not work properly
for rfc2307. There we ignore it and use sssd instead. So yes, I really
do believe that there is a '...chance not to [use winbind]'.
Good luck,
