[Samba] Samba forces domain members to use winbind now

Vaughan, Robert J vaughar2 at gdls.com
Thu Mar 3 18:11:39 UTC 2022

Recent SAMBA patches from Red Hat and Oracle (for Solaris 11) have broken our configuration

Have tickets open with both Red Hat and Oracle but so far not having much luck

The cause seems to be the switch to force winbind requirement for domain members (CVE-2020-25717 I believe)

We've never run winbind before

We have a UNIX LDAP (Oracle OUD) that has users with the same username as AD and contains the uidNumber and gidNumber we need to use (plus extra groups), and this is accessed via nsswitch as sss (Linux) and ldap (Solaris)

So, trying to determine if we can run a winbind config that allows this setup to continue to work

With my reading so far I have had some success with idmap backend nss, but sometimes it fails (user doesn't have permission to access share errors) so perhaps something not quite right

So my first question is a general 'should I be able to do this'?


