[Samba] please confirm: sssd not a good idea :)

Rowland penny rpenny at samba.org
Mon Jun 10 16:05:20 UTC 2019


On 10/06/2019 16:04, vincent at cojot.name wrote:
>
> There is probably some amount of redtape on this but AFAIK it works 
> fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs 
> through use of realm '(and thus sssd):
>
> Here's a RHEL7.6 client:
> # realm list
> ad.lasthome.solace.krynn
>   type: kerberos
>   realm-name: AD.LASTHOME.SOLACE.KRYNN
>   domain-name: ad.lasthome.solace.krynn
>   configured: kerberos-member
>   server-software: active-directory
>   client-software: sssd
>   required-package: oddjob
>   required-package: oddjob-mkhomedir
>   required-package: sssd
>   required-package: adcli
>   required-package: samba-common-tools
>   login-formats: %U
>   login-policy: allow-realm-logins
>
> The AD domain above is two RHEL7.6 VMs with samba 4.10.4 and the rpms 
> from there: http://nova.polymtl.ca/~coyote/dist/samba/samba-4.10.4/RHEL7


Hi Vincent, I have never said that you cannot use sssd with Samba, I 
just said that Samba doesn't support sssd.

I have now found (whilst searching for something else) the red-hat 
webpage I posted the link to earlier, this unequivocally says that 
red-hat does not support the use of sssd with Samba.

This (to myself) means that Samba cannot support the use of sssd, 
because we do not produce it and red-hat (who do produce it) do not 
support its use with Samba, so it looks like you are on your own if 
something goes wrong.

Moral of the story, stick to using winbindd instead ;-)

Rowland





More information about the samba mailing list