[Samba] Samba forces domain members to use winbind now
Rowland Penny
rpenny at samba.org
Thu Mar 3 19:02:28 UTC 2022
On Thu, 2022-03-03 at 18:11 +0000, Vaughan, Robert J via samba wrote:
> Recent SAMBA patches from Red Hat and Oracle (for Solaris 11) have
> broken our configuration
>
> Have tickets open with both Red Hat and Oracle but so far not having
> much luck
>
> The cause seems to be the switch to force winbind requirement for
> domain members (CVE-2020-25717 I believe)
>
> We've never run winbind before
>
> We have a UNIX LDAP (Oracle OUD) that has users with same username as
> AD and contains the uidNumber and gidNumber we need to use (plus
> extra groups) and this is accessed via nsswitch as sss (Linux) and
> ldap (Solaris)
>
> So, trying to determine if we can run a winbind config that allows
> this setup to continue to work
>
> With my reading so far I have had some success with idmap backend
> nss, but sometimes it fails (user doesn't have permission to access
> share errors) so perhaps something not quite right
>
> So my first question is a general 'should I be able to do this'?
>
> Rob
If you are running Samba as a Unix domain member, winbind was required
from Samba 4.8.0.

How are you using ldap?

It might help if you post your smb.conf file.

Rowland