[Samba] How to configure samba to use LDAP/Kerberos authentication without using winbind?

mathias dufresne infractory at gmail.com
Mon May 23 11:51:11 UTC 2016

The attributes chosen to produce users from AD is important too. Windows
users (users accessing a Samba share from a Windows platform) use
primaryGroupID as main group ID when generally UNIX users are based on
RFC2307 attributes (gibNumber for main group).

If my understanding is correct this is to be taken in account too to get
right ACLs on files on Samba shares.

2016-05-22 10:43 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 22/05/16 05:01, Dewayne Geraghty wrote:
>> Rowland, I'm in a similar situation.  We use virtual machines on one
>> physical host that calls upon AD (mail, squid, ...). nslcd is less complex
>> to install/maintain due to lower number of additional libraries/packages
>> required, as well as less resource impact.
>> Name      RSS     VSZ      No of shared libs
>> winbindd  46.9M   84.3M    120
>> nslcd          6.8M   35.8M     19
>> taken from FreeBSD 10.3
> Whilst nslcd appears to use less libs, over 98% of the libs used by
> winbindd are also used by smbd (you are using smbd, aren't you? ), so you
> may be installing more libs than needed. As for complexity of install,
> winbindd uses smb.conf and you will have set this up anyway. To put it
> bluntly, if you use nlscd, you are installing and setting it up to do
> something that winbind will do very easily.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list