[Samba] sssd-ad cannot be installed with sernet samba

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 07:59:09 MDT 2015

On 02/04/15 14:37, Luca Olivetti wrote:
> El 02/04/15 a les 14:56, Rowland Penny ha escrit:
>> *We _do not recommend_ using the Domain Controller as a file Server*.
> I'm sorry to chime in again, but I have no intention of using the DC as
> a file server *but* I like to have the user mapping in place for other
> purposes (e.g. see the file ownership when I nfs mount the netapp storage).
> Since I already configured sssd in all member servers (in the test
> network, this isn't going to go live for a while) and winbind is not
> supposed to work on the DC (or so I read in this list) I simply thought
> that sssd was the natural solution.
> Bye

If the nfs mount is the DC, you are using the DC as a file server, but 
if you are just using the DC for authentication, then winbind will do 
what sssd does, you just need to set winbind correctly on the member 

It isn't that winbind doesn't work on the DC, it is that, until 4.2, 
winbind was built into the samba daemon and did not have the 
capabilities of the standalone winbindd daemon. Unfortunately when 4.2 
came out, it was found that though winbindd was now being used and some 
of the problems had been solved, the unixhomedirectory & shell 
attributes are still not available from AD. The devs seem to be 
concentrating on getting the windows side working better/correctly 
before any Unix problems, a mistake in my opinion, but they are writing 
the code (something I couldn't do) and as such they get to say in which 
direction to go (could be worse, LP could be one of the devs). I am sure 
that the Unix winbindd problems will get fixed, I just unsure when :-)


More information about the samba mailing list