[Samba] Samba as AD member & without winbind...
thomas.besser at kit.edu
Fri Oct 30 10:09:30 UTC 2020
Am 30.10.20 um 10:57 schrieb Rowland penny via samba:
> On 30/10/2020 09:20, Thomas Besser via samba wrote:
>> actually we have running samba 4.5.16 under Devuan 2.0 (Ascii) as AD
>> member without winbind configured. UID and GID informations coming
>> from NSS (nslcd -> LDAP). LDAP and AD are in sync.
> So you will have uidNumber and gidNumber attributes in AD.
No, AD does not have uidNumber and gidNumber. Only LDAP (separate
OpenLDAP!) does have this informations.
Both, AD and LDAP are provided by identity management system, so are in
sync according accounts and groups.
>> After upgrade to Devuan 3.0 (Beowulf) with samba 4.9.5 this
>> constellation does not work anymore. Samba insists on configuring
> Yes it does, from Samba >= 4.8.0 with 'security = ADS' in smb.conf , you
> must run winbind. Before 4.8.0 , smbd could contact AD directly, this
> facility has now been removed and smbd must go through winbind to
> contact AD.
>> Can I configure winbind to use 'local' users and groups from NSS?
> No, local users are just that, local users, but you can make AD users
> into Unix users by using the winbind 'ad' backend. This works quite well.
Ok, then I would need a winbind 'ldap' backend. Does this exist?
Karlsruher Institut für Technologie (KIT)
archIT [IT-Management der Fakultät Architektur]
Dipl.-Ing. Thomas Besser
Gebäude 11.40, Raum 010 | Fon +49 721 608 46024
KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft
More information about the samba