[Samba] sssd configuration

Lars Hanke debian at lhanke.de
Mon Sep 15 15:05:47 MDT 2014

> Older versions of sssd back to 1.8 supported AD through the rfc2307bis
> ldap schema. The configuration is a little more involved and you don't
> get the drop-in AD engineered product, but it works and what's more it
> would solve your Domain Users != domain users problem at the client end
> at least. We documented the method for sssd <= 1.9.6 here:
> http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html

Thanks for the hint. I started out to install sssd on my test system. I 
followed that link quite closely. But something strange happens: if I do 
'id myuser' it claims the user is unknown. Of course I can neither log 
in with that user.

I did sssd -i -d 0x7f0 and checked what happens. For login I see that it 
queries the AD LDAP for myuser, finds all its groups and then enters 
PAM. It performs a successful Kerberos authentication for the user.

For id it does not query LDAP at all. Nothing in the logs, no traffic in 

Of course nssswitch.conf has 'compat sss' for passwd, group, and shadow. 
Also pam_sss.so is listed in /etc/pam.d/common-*.

Any ideas for troubleshooting?

More information about the samba mailing list