[Samba] sssd not a good idea

Goetz, Patrick G pgoetz at math.utexas.edu
Wed Jun 12 18:51:54 UTC 2019

On 6/12/19 12:14 PM, Rowland penny via samba wrote:
>>   From that perspective, unless you're using Samba as a PDC/BDC, the only
>> security setting you ever want to use is
>>       security = user
>> Am I missing something?
> Yes, using that means it can only be a standalone server and not part of 
> a domain.

I guess I don't understand what you mean by this.  I have dozens of 
linux machines which are joined to our AD domain which don't even have 
Samba installed (well, samba-common and samba-libs are required by sssd, 
but not running smbd, nmbd, or winbind).  They are definitely part of a 
domain (e.g, domain users can authenticate.

Furthermore, on one of these machines I can run smbd 4.8.3  and mount 
shares from it to other domain bound machines.  I am wondering if there 
are any gotchas waiting in store as a result; say permissions not being 
respected, or something, but any action taken through SMB is eventually 
going to have to pass through the VFS gatekeeper, so I'm not seeing how 
that could be a problem, at least for mode bits and POSIX ACLs.  I'd 
love to use Windows ACL's, but ext4 doesn't support them and most of the 
file access occurs from other linux systems,  Maybe could get away with 
NFSv4 access only, but am not sure I want to take on the headache of 
trying to mess Samba Windows ACLs with NFSv4 ACLs.

More information about the samba mailing list