[Samba] Samba forces domain members to use winbind now
rpenny at samba.org
Thu Mar 3 20:09:41 UTC 2022
On Thu, 2022-03-03 at 19:57 +0000, Vaughan, Robert J via samba wrote:
> Our Solaris Samba version last working without winbind is 4.13.8
No it wasn't, the last it worked for you was 4.13.8
> The broken version is 4.13.14
> Our UNIX LDAP (Oracle OUD) has the UNIX uid and gid info (also shell,
> homedir and a few other things like employee number) and supports
> shell login for some users as well as the uid/gid mapping for all our
> SAMBA users
> Our AD does not contain the required UNIX info
It would be easier if it did, all the rfc2307 attributes are available.
> smb.conf ..
> workgroup = XXX
> realm = XXX.YYYY.COM
> server string = xxxxxxx
> netbios name = xxxxxxx
> security = ADS
> log level = 1
> log file = /var/samba/log/log.%m
> max log size = 5000
> preferred master = No
> local master = No
> domain master = No
> read only = No
> hosts allow = XXX.XXX., XX., XXX.
> short preserve case = No
> dos filetime resolution = Yes
> server signing = mandatory
> acl allow execute always = True
> load printers = No
> printcap name = /dev/null
> printing = bsd
> include system krb5 conf = no
> smb2 leases = No
One problem you have is that you do not have any 'idmap config' lines,
presumably because you have been using sssd.
What do you use the ldap for ? Just authentication, or is there data
stored in it ?
If it is just authentication, are you up to changing the ID numbers ?
More information about the samba