[Samba] Samba as AD member & without winbind...
Rowland penny
rpenny at samba.org
Fri Oct 30 09:57:31 UTC 2020
On 30/10/2020 09:20, Thomas Besser via samba wrote:
> Hi all, without winbind co
>
> actually we have running samba 4.5.16 under Devuan 2.0 (Ascii) as AD
> member without winbind configured. UID and GID informations coming
> from NSS (nslcd -> LDAP). LDAP and AD are in sync.
So you will have uidNumber and gidNumber attributes in AD.
>
> After upgrade to Devuan 3.0 (Beowulf) with samba 4.9.5 this
> constellation does not work anymore. Samba insists on configuring
> winbind.
Yes it does, from Samba >= 4.8.0 with 'security = ADS' in smb.conf , you
must run winbind. Before 4.8.0 , smbd could contact AD directly, this
facility has now been removed and smbd must go through winbind to
contact AD.
>
> Can I configure winbind to use 'local' users and groups from NSS?
No, local users are just that, local users, but you can make AD users
into Unix users by using the winbind 'ad' backend. This works quite well.
If you want a later version of Samba, see here: http://apt.van-belle.nl/
Just pretend your 'Beowulf' is 'buster', it will work.
Rowland
More information about the samba
mailing list