[Samba] Replacing SSSD with just WINBIND for NFSv4

Luc Lalonde Luc.Lalonde at polymtl.ca
Mon Aug 30 20:57:17 UTC 2021 

Here's one of my DC's 'smb.conf':

[global]
         workgroup = EXAMPLE
         realm = example.com
         netbios name = DC1
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = Yes

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/gigl.polymtl.ca/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

The other two are Windows 2012R2 DC's

My first UID is 1167, and my last is 32962 as of this morning. My user 
creation/maintenance scripts keep a separate database of UID, GID, 
GECOS, etc.

Thanks!


On 2021-08-30 1:48 p.m., Rowland Penny via samba wrote:
> On Mon, 2021-08-30 at 13:26 -0400, Luc Lalonde via samba wrote:
>> Hello Foks,
>>
>> I would like to remove SSSD from the equation for NFSv4 + AutoFS
>> mounts.
>>
>> Presently we use SSSD + Winbind
> You shouldn't be unless you are using a version of Samba less than
> 4.8.0
>
>>   for LDAP-KRB5 authentication and AutoFS-NFSv4 for home directories.
>>
>> We have 4 NFS servers that split the load for our Linux clients.   We
>> use this option in SSSD.CONF to get the users home directory:
>>
>> ldap_user_home_directory = unixHomeDirectory
>>
>> Here are other options that we use:
>>
>> ldap_user_search_base = dc=example,dc=com
>> ldap_user_object_class = user
>> ldap_user_principal = userPrincipalName
>> ldap_schema = rfc2307bis
>> ldap_user_fullname = displayName
>> ldap_user_name = sAMAccountName
>> ldap_group_object_class = group
>>
>> Upon account creation, UID and GID are stored in AD, and everything
>> works great.  We also do not use DOMAIN\USERNAME logins, just
>> USERNAME.
>>
>> Is there a way to achieve this with just WINBIND?
> Yes
>
>
> Oh, I think you mean 'how do I do this' :-)
>
> Post your smb.conf and I will talk you through how, but it starts with
> removing sssd and realm
>
> I will also need to know what the lowest uidNumber attribute is.
>
> Rowland
>
>
>
-- 
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210830/c9574c96/OpenPGP_signature.sig>

More information about the samba mailing list