[Samba] Replacing SSSD with just WINBIND for NFSv4

Rowland Penny rpenny at samba.org
Tue Aug 31 07:38:05 UTC 2021

On Mon, 2021-08-30 at 16:57 -0400, Luc Lalonde wrote:
> Here's one of my DC's 'smb.conf':
> [global]
>          workgroup = EXAMPLE
>          realm = example.com
>          netbios name = DC1
>          server role = active directory domain controller
>          idmap_ldb:use rfc2307 = Yes
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/gigl.polymtl.ca/scripts
>          read only = No
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> The other two are Windows 2012R2 DCs.
> My first UID is 1167, and my last is 32962 as of this morning. My user
> creation/maintenance scripts keep a separate database of UID, GID,
> GECOS, etc.

You have a major problem, you appear to be using sssd on a Samba AD DC,
this is not supported by anyone, certainly not by Samba. You must
already be using winbind as well as sssd and that is definitely not

You cannot change the DC smb.conf to use the rfc2307 attributes, but it
will be using the uidNumber & gidNumber attributes.

I suggest you set up a Unix domain member and use this as a fileserver.
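
The following is an added example, not part of the original message and not taken from the poster's systems: a minimal smb.conf for a Unix domain member of the kind suggested above, using winbind's idmap 'ad' backend so that the uidNumber and gidNumber attributes already stored in AD are used. The idmap ranges are assumptions chosen to cover the UIDs 1167 to 32962 mentioned in the quoted message; they must also cover the GIDs in use and must not overlap each other.

```ini
# Added example: smb.conf for a Unix domain member (fileserver), not a DC.
# Workgroup and realm are taken from the quoted DC configuration.
[global]
        workgroup = EXAMPLE
        realm = EXAMPLE.COM
        security = ADS

        # Keep the machine credentials in the system keytab as well,
        # so Kerberos-aware services on the host can use them.
        kerberos method = secrets and keytab
        dedicated keytab file = /etc/krb5.keytab
        winbind refresh tickets = Yes

        # Default domain: BUILTIN and anything not matched below.
        # Assumed range, placed above the AD range so the two never overlap.
        idmap config * : backend = tdb
        idmap config * : range = 100000-199999

        # AD domain: read uidNumber/gidNumber (RFC2307) from the directory.
        # Assumed range; users or groups whose IDs fall outside it are ignored.
        idmap config EXAMPLE : backend = ad
        idmap config EXAMPLE : schema_mode = rfc2307
        idmap config EXAMPLE : range = 1000-99999

        # Take login shell and home directory from AD as well.
        idmap config EXAMPLE : unix_nss_info = yes

        # Let local services refer to users as "user" rather than "EXAMPLE\user".
        winbind use default domain = Yes
```

With the 'ad' backend every user also needs a primary group that carries a gidNumber inside the configured range, otherwise winbind will not map that user.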

