[Samba] Samba4 DC winbind or sssd
sven.schwedas at tao.at
Mon Jul 28 09:03:24 MDT 2014
On 2014-07-28 16:54, Caleb O'Connell wrote:
> I have a samba4 Domain Controller, there are no other samba4 domain member
> servers in the network, there is one other samba 3 member server in the
> I've setup the DC with:
> idmap_ldb:use rfc2307 = yes
> On the samba4, do we use the idmap attributes?
> # idmap config * : backend = tdb
> # idmap config * : range = 70001-999999
> # idmap config IAPP : backend = ad
> # idmap config IAPP : schema_mode = rfc2307
> # idmap config IAPP : range = 10000-70000
> # winbind nss info = rfc2307
> # winbind trusted domains only = no
> # winbind use default domain = Yes
> # winbind enum users = Yes
> # winbind enum groups = Yes
> # winbind refresh tickets = yes
> # winbind nested groups = Yes
> Is this only a member server thing? The samba 3 server is using this and it
> works well. In my reading it sounds like samba4 does not support this on
> the DC.
> Is it recommended to use sssd on the DC for local accounts from AD?
It is generally recommended to not use either on a DC and use it just to
authenticate other nodes.
That said, winbind is broken on s4 dcs, sssd isn't. (Or rather,
s4-winbind is woefully incomplete in comparison to the already quite
limited s3-winbind, while sssd, being independently developed, works the
same with either).
Mit freundlichen Grüßen, / Best Regards,
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 648 bytes
Desc: OpenPGP digital signature
More information about the samba