[Samba] sssd not a good idea
Simo Sorce
idra at samba.org
Sat Jun 15 11:33:44 UTC 2019
On Wed, 2019-06-12 at 18:14 +0100, Rowland penny via samba wrote:
> On 12/06/2019 18:02, Goetz, Patrick G via samba wrote:
> > So, the bug reports referenced below are in regard to having Samba be a
> > domain member. My question is why would I want Samba to be a domain
> > member? I want the machine Samba runs on to be a domain member, because
> > there are other things going on on that machine as well.
>
> You cannot have one without the other, a Unix computer without Samba is
> just that, a Unix machine. Add Samba and you can join an AD domain, the
> letters 'S', 'M' and 'B' in Samba are there for a reason.
Sorry Rowland, but this is incorrect, you need samba (smbd) only if you
want to make the member server a file server.
If you do not need to offer SMB file services there are many other
products that join a unix machine to an AD server, including the
mentioned sssd (with the realmd utility)
> Even if there are other things on the computer, they can probably be
> integrated with AD.
>
> > From that perspective, unless you're using Samba as a PDC/BDC, the only
> > security setting you ever want to use is
> >
> > security = user
> >
> > Am I missing something?
>
> Yes, using that means it can only be a standalone server and not part of
> a domain.
More information about the samba
mailing list