[Samba] Samba as AD member & without winbind...

Thomas Besser thomas.besser at kit.edu
Fri Oct 30 10:09:30 UTC 2020

On 30.10.20 at 10:57, Rowland penny via samba wrote:
> On 30/10/2020 09:20, Thomas Besser via samba wrote:
>> actually we are running samba 4.5.16 under Devuan 2.0 (Ascii) as an AD
>> member without winbind configured. UID and GID information comes
>> from NSS (nslcd -> LDAP). LDAP and AD are in sync.
> So you will have uidNumber and gidNumber attributes in AD.

No, AD does not have uidNumber and gidNumber. Only LDAP (separate
OpenLDAP!) has this information.

Both AD and LDAP are provided by an identity management system, so they are in
sync regarding accounts and groups.

>> After upgrade to Devuan 3.0 (Beowulf) with samba 4.9.5 this
>> constellation does not work anymore. Samba insists on configuring
>> winbind.
> Yes it does, from Samba >= 4.8.0 with 'security = ADS' in smb.conf, you
> must run winbind. Before 4.8.0, smbd could contact AD directly, this
> facility has now been removed and smbd must go through winbind to
> contact AD.
>> Can I configure winbind to use 'local' users and groups from NSS?
> No, local users are just that, local users, but you can make AD users
> into Unix users by using the winbind 'ad' backend. This works quite well.

Ok, then I would need a winbind 'ldap' backend. Does this exist?


Karlsruher Institut für Technologie (KIT)
archIT [IT Management of the Faculty of Architecture]
Dipl.-Ing. Thomas Besser
Building 11.40, Room 010 | Phone +49 721 608 46024

KIT - The Research University in the Helmholtz Association
