[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users

Elias Probst mail at eliasprobst.eu
Mon Jul 21 09:52:38 MDT 2014

Oups, that went off-list…

On 07/21/2014 05:47 PM, Elias Probst wrote:
> On 07/21/2014 05:38 PM, Rowland Penny wrote:
>> This seems to say that winbind will map the domain users to local users,
>> so I suppose the next question has to be, is winbind running ?
> Looking at [1] I don't think I'd need winbindd, as winbindd is in this
> scenario obsoleted by SSSD.
> [1]
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
>> Winbind is not used; users and groups resolved via NSS:
>> In this situation user and group accounts are treated as if they are
>> local accounts. The only way in which this differs from having local
>> accounts is that the accounts are stored in a repository that can be
>> shared. In practice this means that they will reside in either an
>> NIS-type database or else in LDAP.
>> This configuration may be used with standalone Samba servers, domain
>> member servers [sic!] (NT4 or ADS), and for a PDC that uses either an
>> smbpasswd or a tdbsam-based Samba passdb backend.
> winbind would just duplicate the efforts (talk to LDAP/AD to resolve
> users etc.) already done by SSSD.
> See also: https://www.fedorahosted.org/sssd/wiki/SSSD-vs-Winbind
> - Elias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140721/022dd439/attachment.pgp>

More information about the samba mailing list