[Samba] please confirm: sssd not a good idea :)

Uwe Laverenz uwe at laverenz.de
Sat Jun 8 15:24:56 UTC 2019

Hi all,

when you join a linux server to an active directory with "realm" it uses 
"sssd" as default. This works well as long as you just want to be a 
simple domain member.

As soon as you want a real member server, with acls for example, you 
need winbind instead of sssd. You can't even connect to or configure 
your server with "net rpc" without using winbind, right?

As Rowland pointed out in another thread, a Samba 4.8.0+ domain member 
needs winbind anyway.

Could you please confirm that I finally got it right and that the use of 
"sssd" should be avoided except for basic authentication and that for 
serious samba servers "winbind" is the only (correct and supported) way 
to go?

thank you,

More information about the samba mailing list