[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 20 15:01:48 MDT 2015

On 20/04/15 21:50, john wrote:
> Thank you Rowland, so it looks like kerberos should be my
> authentication method and that I'll need to install rfc2307 extensions
> in my Active Directory environment in order to use your approach. Your
> approach supports UPN names for access to shares and It also appears
> that I won't need to use nslcd at all. Does all of that sound correct
> to you?
> Thanks again!
> John
> On Mon, Apr 20, 2015 at 1:17 PM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>>> it seems like the missing part is getting winbind to use that information.
>>> Can you guide me on the proper approach?
>>> Thanks!
>>> John
>> OK, have a look here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>> That is basically my smb.conf (and when I say 'my' I really mean that is 'my' smb.conf)
>> Rowland

I can only say that it works as I suggested against a samba AD DC (and I 
tried it both ways) and I don't use anything other than samba for 

I would suggest you try it on a test set up in a VM and if it works, go 
to production.


More information about the samba mailing list