[Samba] please confirm: sssd not a good idea :)

Uwe Laverenz uwe at laverenz.de
Mon Jun 10 18:32:05 UTC 2019

Hi Vincent,

Am 10.06.19 um 17:04 schrieb Vincent S. Cojot via samba:
> There is probably some amount of red tape on this but AFAIK it works fine 
> for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs through 
> use of realm (and thus sssd):

Yes, this worked for me too... as long as I used simple shares with POSIX 
ACLs. :)

> Here's a RHEL7.6 client:
> # realm list
> ad.lasthome.solace.krynn
>    type: kerberos
>    domain-name: ad.lasthome.solace.krynn
>    configured: kerberos-member
>    server-software: active-directory
>    client-software: sssd
>    required-package: oddjob
>    required-package: oddjob-mkhomedir
>    required-package: sssd
>    required-package: adcli
>    required-package: samba-common-tools
>    login-formats: %U
>    login-policy: allow-realm-logins
> The AD domain above is two RHEL7.6 VMs with samba 4.10.4 and the rpms 
> from there: http://nova.polymtl.ca/~coyote/dist/samba/samba-4.10.4/RHEL7

Please try this to see what I mean:

> # net rpc rights list privileges SeDiskOperatorPrivilege -U "YOURDOMAIN\Administrator"

You probably won't be able to connect to your server. I was following 
this page:

> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

It didn't work until I switched to winbind.

But as Rowland found in RHEL's Admin Guide, we have to use winbind anyway.

