[Samba] New group membership not taken into account on member servers

Hans-Kristian Bakke hkbakke at gmail.com
Sun Oct 5 12:54:25 MDT 2014

I keep reading that Samba4 is supposed to not be working correctly
without winbind because of some internal API-calls, but still
everything seems to work nicely with the version in Debian Jessie. I
do not have winbind installed at all in my two Debian Jessie installs.
With "works nicely" I mean that I can use AD-groups to regulate access
to shares, and it works like it should do, just without the caching
issues of winbind (changes in access permissions are instantly
reflected on the next access in my tests)

And yes, I do not use RFC2307, but instead rely on deterministic
uid/gid mapping on the Linux-members, which currently is no extra work
as all the hosts run the same winbind configuration. I do not have the
NIS-extensions installed at all. I just don't like adding special
purpose stuff to AD just for Linux, when my use case does not need it
in any way. Perhaps I will view things differently in the future,
especially if I start running some winbind and some SSSD setups in the
same environment.

On 5 October 2014 20:27, steve <steve at steve-ss.com> wrote:
> On 05/10/14 19:30, Hans-Kristian Bakke wrote:
>  The migration needs to be planned a bit though, as I
>> wan't to use the UID and GID native to SSSD instead of the RID-based
>> ones I needed for winbind, so some scripting will be needed.
>> For Debian Jessie
> That version still needs winbind running (but not configured). As a
> replacement for winbind, go for sssd 1.12.1. Recommended.
> HTH,
> Steve
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list