[Samba] Samba as AD member & without winbind...

Rowland penny rpenny at samba.org
Fri Oct 30 11:09:01 UTC 2020


On 30/10/2020 10:50, Thomas Besser via samba wrote:
> On 30.10.20 at 11:30, Rowland penny via samba wrote:
>> On 30/10/2020 10:09, Thomas Besser via samba wrote:
>>> On 30.10.20 at 10:57, Rowland penny via samba wrote:
>>>> On 30/10/2020 09:20, Thomas Besser via samba wrote:
>>>>> actually we have running samba 4.5.16 under Devuan 2.0 (Ascii) as AD
>>>>> member without winbind configured. UID and GID information coming
>>>>> from NSS (nslcd -> LDAP). LDAP and AD are in sync.
>>>> So you will have uidNumber and gidNumber attributes in AD.
>>>
>>> No, AD does not have uidNumber and gidNumber. Only LDAP (separate
>>> OpenLDAP!) does have this information.
>>
>> So, that's what you get for not really reading a post, I missed that 😅
>>
>>> Both AD and LDAP are provided by the identity management system, so are
>>> in sync regarding accounts and groups.
>>
>> I think we might have been here before, but why use AD and LDAP ?
>
> Because they are there ;-)
>
> I'm not the admin of these systems. In our big organization (kit.edu)
> these two systems are provided from the computer center having all 
> users and groups in it.

From my brief internet search, kit.edu == University

I would suggest that it might be a good idea to combine your AD and 
LDAP. I do not think that you can get what you require unless you do so. 
If there are shares and Windows involved, you really need AD and most 
(if not all) that is in LDAP can migrate to AD. I have seen numerous 
setups like yours reported on here, all seemed to have ended in tears 😭

Rowland