[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users
Elias Probst
mail at eliasprobst.eu
Mon Jul 21 09:52:38 MDT 2014
Oups, that went off-list…
On 07/21/2014 05:47 PM, Elias Probst wrote:
> On 07/21/2014 05:38 PM, Rowland Penny wrote:
>> This seems to say that winbind will map the domain users to local users,
>> so I suppose the next question has to be, is winbind running ?
>
> Looking at [1] I don't think I'd need winbindd, as winbindd is in this
> scenario obsoleted by SSSD.
>
>
> [1]
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
>
>> Winbind is not used; users and groups resolved via NSS:
>>
>> In this situation user and group accounts are treated as if they are
>> local accounts. The only way in which this differs from having local
>> accounts is that the accounts are stored in a repository that can be
>> shared. In practice this means that they will reside in either an
>> NIS-type database or else in LDAP.
>>
>> This configuration may be used with standalone Samba servers, domain
>> member servers [sic!] (NT4 or ADS), and for a PDC that uses either an
>> smbpasswd or a tdbsam-based Samba passdb backend.
>
> winbind would just duplicate the efforts (talk to LDAP/AD to resolve
> users etc.) already done by SSSD.
> See also: https://www.fedorahosted.org/sssd/wiki/SSSD-vs-Winbind
>
> - Elias
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140721/022dd439/attachment.pgp>
More information about the samba
mailing list