[Samba] sssd configuration

steve steve at steve-ss.com
Mon Sep 15 23:53:27 MDT 2014

On Mon, 2014-09-15 at 23:05 +0200, Lars Hanke wrote:
> > Older versions of sssd back to 1.8 supported AD through the rfc2307bis
> > ldap schema. The configuration is a little more involved and you don't
> > get the drop-in AD engineered product, but it works and what's more it
> > would solve your Domain Users != domain users problem at the client end
> > at least. We documented the method for sssd <= 1.9.6 here:
> > http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html
> Thanks for the hint. I started out to install sssd on my test system. I 
> followed that link quite closely. But something strange happens: if I do 
> 'id myuser' it claims the user is unknown. Of course I cannot log 
> in with that user either.
> I did sssd -i -d 0x7f0 and checked what happens. For login I see that it 
> queries the AD LDAP for myuser, finds all its groups and then enters 
> PAM. It performs a successful Kerberos authentication for the user.
> For id it does not query LDAP at all. Nothing in the logs, no traffic in 
> wireshark.
> Of course nsswitch.conf has 'compat sss' for passwd, group, and shadow. 
> Also pam_sss.so is listed in /etc/pam.d/common-*.
> Any ideas for troubleshooting?

It could be that old versions don't support it. Does a:
sssd -i -d7 give any clues?
Is there any way you can get an AD version for your distro? Or build it?
Any of the 1.11.x or 1.12.x series is fine.
