[Samba] Samba 4 with sssd - primary Windows group membership not honored
Joseph Dickson
jdickson at evolvetsi.com
Mon Apr 11 19:03:23 UTC 2016
I just wanted to write a quick followup to button up this thread...
On Wed, Mar 23, 2016 at 12:40 PM, Rowland penny <rpenny at samba.org> wrote:
>
> On a Domain member you do not need sssd, winbind will do everything that
> sssd does, but on an AD DC it is a bit different, winbind there ignores all
> the RFC2307 attributes except for uidNumber & gidNumber.
>
> Samba only recommends using winbind, sssd is not supplied or supported by
> Samba.
>
I went ahead and followed Rowland and Mathias's recommendations to use
winbind alone, and that has indeed cleared up all the original issues I was
experiencing. I definitely wish there were a succinct documentation page
somewhere that explained more about the pitfalls of sssd and why you ought
to stick with Winbind in the general case, and the expected corner cases
that each deals with less-well than the other, etc.. maybe some day I'll
have enough knowledge about it to write one :-)
Bottom line though -- thanks for the steer toward winbind only. Things are
working much better now!
--
*Joseph Dickson*
Director of IT Systems, Evolve Tele-Services, Inc.
More information about the samba
mailing list