[Samba] sssd not a good idea

Simo Sorce idra at samba.org
Sat Jun 15 11:33:44 UTC 2019

On Wed, 2019-06-12 at 18:14 +0100, Rowland penny via samba wrote:
> On 12/06/2019 18:02, Goetz, Patrick G via samba wrote:
> > So, the bug reports referenced below are in regard to having Samba be a
> > domain member.  My question is why would I want Samba to be a domain
> > member?  I want the machine Samba runs on to be a domain member, because
> > there are other things going on on that machine as well.
> You cannot have one without the other, a Unix computer without Samba is 
> just that, a Unix machine. Add Samba and you can join an AD domain, the 
> letters 'S', 'M' and 'B' in Samba are there for a reason.

Sorry Rowland, but this is incorrect, you need samba (smbd) only if you
want to make the member server a file server.
If you do not need to offer SMB file services there are many other
products that join a unix machine to an AD server, including the
mentioned sssd (with the realmd utility)

> Even if there are other things on the computer, they can probably be 
> integrated with AD.
> >   From that perspective, unless you're using Samba as a PDC/BDC, the only
> > security setting you ever want to use is
> > 
> >       security = user
> > 
> > Am I missing something?
> Yes, using that means it can only be a standalone server and not part of 
> a domain.

More information about the samba mailing list