[Samba] Problem with Samba as Member to AD

Rowland Penny rpenny at samba.org
Sun Jul 18 08:54:22 UTC 2021

On Sun, 2021-07-18 at 10:29 +0200, Mr Typo wrote:
> Hello Rowland,
> thank you for your first input. I did alot of testing, and yeah the
> global section was not really clean :( Thank you!
> i am using Centos8 and i was running nscd (system auth pure ldap
> against the domain controller).
> When i was shutting down nscd the authentication with samba/winbind
> was working.

You cannot use nscd with winbind. As this is Centos8 (why ? It isn't
recommended any more, use Rocky or Alma), remove sssd if it is
installed, you cannot use it with winbind. It is now just sssd for
authenticaion, or Samba with winbind for shares.

> When i search the internet i find messages that tells me that nscd +
> winbind is NOT working, but other say that it is working. Can you
> advise me here?

Just have :-)

> If you want to ask why i should want to run nscd/ldap + winbind. Well
> i dont want to start winbind/samba on every linux machine just for
> authentication. before trying nscd with winbind i tried sssd +
> winbind
> -> complete messup.

As I said above, if you just want authentication, use sssd without
Samba, if you want shares, then you must use Samba and winbind without
sssd. The reason why you cannot use winbind and sssd is that sssd has
its own version of the winbind libs and they clash.

I personally would just one on all machines, less to remember, so if
you need shares on some machines (or might need in the future), then I
would use Samba everywhere, once you have one Unix domain member
working, you just use the same '[global]' portion of the smb.conf on
every Unix domain member.


More information about the samba mailing list