[Samba] Samba4 DC winbind or sssd

Caleb O'Connell caleb at privacyassociation.org
Mon Jul 28 08:54:17 MDT 2014

I have a samba4 Domain Controller, there are no other samba4 domain member 
servers in the network, there is one other samba 3 member server in the 
I've setup the DC with:
idmap_ldb:use rfc2307 = yes

On the samba4, do we use the idmap attributes?

#       idmap config * : backend = tdb
#       idmap config * : range = 70001-999999
#       idmap config IAPP : backend = ad
#       idmap config IAPP : schema_mode = rfc2307
#       idmap config IAPP : range = 10000-70000
#       winbind nss info = rfc2307
#       winbind trusted domains only = no
#       winbind use default domain = Yes
#       winbind enum users = Yes
#       winbind enum groups = Yes
#       winbind refresh tickets = yes
#       winbind nested groups = Yes

Is this only a member server thing?  The samba 3 server is using this and it 
works well.  In my reading it sounds like samba4 does not support this on 
the DC.

Is it recommended to use sssd on the DC for local accounts from AD?

Thanks in advance for any advice


More information about the samba mailing list