[Samba] Winbind active directory without domain join
abartlet at samba.org
Tue Jul 26 19:54:59 UTC 2022
On Tue, 2022-07-26 at 10:58 +0100, Rowland Penny via samba wrote:
> On Tue, 2022-07-26 at 15:14 +0530, Shyam Prasad N via samba wrote:
> > Hi all,
> > I'm wondering if I can use winbind services without having to
> > domain join the active directory?
> > i.e. to log in as AD users (with the help of pam-winbind) and to map
> > UID/GID to SID and back (using wbclient.h).
> pam-winbind is part of the glue between winbind and nsswitch.
> > Searching on the internet leads me to believe that domain join is
> > mandatory to avail these services, but no conclusive answer.
> > I wanted to confirm the same.
> Confirmed, you need to join the domain.
To aid the understanding of the OP, it is the domain join that provides
the shared secret that allows winbindd operations to be secure. Without
it, Samba cannot access AD, and even if it could (somehow), it could not
trust the results.
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
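
The check below is an added example, not part of the original thread or of Samba itself: it verifies on a domain member that the join and the shared secret it provides are intact before pam-winbind logins and SID/UID mapping are relied on. It uses the stock `net ads testjoin` and `wbinfo` commands; the function names and the account argument are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Samba domain member.
# Run as root on the member, passing an AD account name of your own.

# Step 1: is the machine account created by the domain join still valid in AD?
check_join() {
    net ads testjoin >/dev/null 2>&1
}

# Step 2: is winbindd answering, and does the shared secret it holds
# still match the copy held by the domain controller?
check_secret() {
    wbinfo -p >/dev/null 2>&1 && wbinfo -t >/dev/null 2>&1
}

# Step 3: name -> SID -> UID -> SID must return the SID we started with.
check_roundtrip() {
    sid=$(wbinfo -n "$1" 2>/dev/null | cut -d' ' -f1)
    case "$sid" in
        S-1-*) ;;            # looks like a SID, carry on
        *) return 1 ;;       # lookup failed or returned something else
    esac
    uid=$(wbinfo -S "$sid" 2>/dev/null) || return 1
    [ "$(wbinfo -U "$uid" 2>/dev/null)" = "$sid" ]
}

# Run the checks in order; the return code identifies the first failure.
preflight() {
    check_join || { echo "FAIL: machine is not joined to the domain"; return 1; }
    check_secret || { echo "FAIL: winbindd down or shared secret rejected"; return 2; }
    check_roundtrip "$1" || { echo "FAIL: SID/UID mapping for $1"; return 3; }
    echo "OK"
}

# Only run when an account name is given on the command line.
[ $# -eq 0 ] || preflight "$1"
```

A return code of 1 or 2 means the shared secret is missing or stale, which is the case the reply above describes: winbindd has no basis for trusting what it gets back.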