[Samba] Winbind active directory without domain join

Andrew Bartlett abartlet at samba.org
Tue Jul 26 19:54:59 UTC 2022


On Tue, 2022-07-26 at 10:58 +0100, Rowland Penny via samba wrote:
> On Tue, 2022-07-26 at 15:14 +0530, Shyam Prasad N via samba wrote:
> > Hi all,
> > 
> > I'm wondering if I can use winbind services without having to domain
> > join the active directory?
> > i.e. to login as AD users (with the help of pam-winbind) and to map
> > UID/GID to SID and back (using wbclient.h).
> 
> pam-winbind is part of the glue between winbind and nsswitch.
> 
> > Searching on the internet leads me to believe that domain join is
> > mandatory to avail these services, but no conclusive answer.
> > I wanted to confirm the same.
> 
> Confirmed, you need to join the domain.
> 
> Rowland

To aid the understanding of the OP, it is the domain join that provides
the shared secret that allows winbindd operations to be secure. Without
it Samba cannot access AD, and even if it could (somehow), it could not
trust the results.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
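
One way to confirm, on a member server, that the domain join and its machine account secret are in place before relying on winbind's name/SID/UID mapping. This is an added example, not part of the original thread; the `NET`/`WBINFO` variables, the function names and the return codes are assumptions of the example, while the `net` and `wbinfo` subcommands are the standard Samba ones.

```shell
#!/bin/sh
# Added example: verify the domain join before trusting winbind lookups.
# NET and WBINFO default to the Samba tools on PATH (overridable).
NET="${NET:-net}"
WBINFO="${WBINFO:-wbinfo}"

# Reports which check failed:
#   0 all checks passed        1 'net ads testjoin' failed (no valid join)
#   2 machine secret check failed   3 DC ping failed   4 tools not found
check_join() {
    command -v "$NET" >/dev/null 2>&1 || return 4
    command -v "$WBINFO" >/dev/null 2>&1 || return 4
    # Is there a machine account, and does it validate against AD?
    "$NET" ads testjoin >/dev/null 2>&1 || return 1
    # Does winbindd's stored machine secret still match the one in AD?
    "$WBINFO" --check-secret >/dev/null 2>&1 || return 2
    # Can winbindd reach a domain controller over its netlogon connection?
    "$WBINFO" --ping-dc >/dev/null 2>&1 || return 3
    return 0
}

# Map an account name to a UID via its SID, but only after the join
# checks pass. Prints "SID UID"; returns 5/6 if a lookup step fails.
# Usage (constructed account name): name_to_uid 'EXAMPLE\alice'
name_to_uid() {
    check_join || return $?
    # wbinfo prints "<SID> <type>"; keep only the SID.
    sid=$("$WBINFO" --name-to-sid "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$sid" ] || return 5
    uid=$("$WBINFO" --sid-to-uid "$sid" 2>/dev/null) || return 6
    printf '%s %s\n' "$sid" "$uid"
}
```
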



