[Samba] Using SSSD + AD with Samba seems to require Winbind be running
Robert Marcano
robert at marcanoonline.com
Wed Aug 12 14:25:38 UTC 2020
On 8/12/20 10:06 AM, Rowland penny via samba wrote:
> On 12/08/2020 14:45, L.P.H. van Belle via samba wrote:
>> Thanks for you replies.
>> It might help me understand better why people use/want to use SSSD.
>
> That is one I do not understand either, apart from the GPO option (which
> must be limited, GPO's generally do not work on Linux), everything that
> sssd does can be done by other means. I for instance use sudo rules from
> AD.
True. GPO rules enforced by SSSD are related to login only.
Your are lucky if you didn't work on a project where the customer have
rules, like having their login enforcement be done by Active Directory
policies.
Anecdote: I worked a few decades ago developing a big Smalltalk
application for a bank, successfully deployed to OS/2. Many years later
when they required to migrate from OS/2 they migrated it to Windows and
started a project to evaluate a migration to Linux in order to choose
their next platform. We did the entire migration to Linux, the project
was canned after showing a fully working application (with some small UI
issues to be fixed if migration was chosen) because their company policy
said they needed a <insert brand> antivirus on Linux and it wasn't ready
available. The moral of the history, there are many ways to do the same
thing on a server, but company policies out of your control can tell you
not do it that way.
>
> If you use sssd with Samba, then you need to setup two conf files (with
> a lot of duplicate info) and only use a version of Samba < 4.8.0.
> Whereas, with Samba, you only have one conf file and can use any version
> of Samba.
Not true about the samba version;
# wbinfo -t
checking the trust secret for domain MYDOMAIN via RPC calls succeeded
# rpm -qa samba
samba-4.10.4-101.el8_1.x86_64
Running SSSD with AD integration. Again, DISCLAIMER, not the recommended
samba list configuration, but it works.
More information about the samba
mailing list