[Samba] Samba as AD member & without winbind...

Rowland penny rpenny at samba.org
Fri Oct 30 09:57:31 UTC 2020

On 30/10/2020 09:20, Thomas Besser via samba wrote:
> Hi all, without winbind co
> actually we have running samba 4.5.16 under Devuan 2.0 (Ascii) as AD 
> member without winbind configured. UID and GID informations coming 
> from NSS (nslcd -> LDAP). LDAP and AD are in sync.
So you will have uidNumber and gidNumber attributes in AD.
> After upgrade to Devuan 3.0 (Beowulf) with samba 4.9.5 this 
> constellation does not work anymore. Samba insists on configuring 
> winbind.
Yes it does, from Samba >= 4.8.0 with 'security = ADS' in smb.conf , you 
must run winbind. Before 4.8.0 , smbd could contact AD directly, this 
facility has now been removed and smbd must go through winbind to 
contact AD.
> Can I configure winbind to use 'local' users and groups from NSS?
No, local users are just that, local users, but you can make AD users 
into Unix users by using the winbind 'ad' backend. This works quite well.

If you want a later version of Samba, see here: http://apt.van-belle.nl/

Just pretend your 'Beowulf' is 'buster', it will work.


More information about the samba mailing list