[Samba] sssd not a good idea
Goetz, Patrick G
pgoetz at math.utexas.edu
Wed Jun 12 18:51:54 UTC 2019
On 6/12/19 12:14 PM, Rowland penny via samba wrote:
>>
>> From that perspective, unless you're using Samba as a PDC/BDC, the only
>> security setting you ever want to use is
>>
>> security = user
>>
>> Am I missing something?
>
> Yes, using that means it can only be a standalone server and not part of
> a domain.
>
I guess I don't understand what you mean by this. I have dozens of
Linux machines which are joined to our AD domain which don't even have
Samba installed (well, samba-common and samba-libs are required by sssd,
but not running smbd, nmbd, or winbind). They are definitely part of a
domain (e.g., domain users can authenticate).

Furthermore, on one of these machines I can run smbd 4.8.3 and mount
shares from it to other domain bound machines. I am wondering if there
are any gotchas waiting in store as a result; say permissions not being
respected, or something, but any action taken through SMB is eventually
going to have to pass through the VFS gatekeeper, so I'm not seeing how
that could be a problem, at least for mode bits and POSIX ACLs. I'd
love to use Windows ACLs, but ext4 doesn't support them and most of the
file access occurs from other Linux systems. Maybe I could get away with
NFSv4 access only, but am not sure I want to take on the headache of
trying to mess Samba Windows ACLs with NFSv4 ACLs.