[Samba] Samba 4 without winbind

Rowland Penny rpenny at samba.org
Sun Sep 18 10:41:39 UTC 2022

On 18/09/2022 10:16, Andrew Bartlett via samba wrote:
> What you do is still possible, perhaps with some work (see the Nov 2021
> security guidance as you have not applied those patches).
> Just run winbindd but don't configure it in the smb.conf.
> We recogninise that for some the authentication is via AD but the
> authorization is via other methods specified in nsswitch.conf, and we
> now have tests specifically aimed at this.
> Andrew Bartlett

It is all very well saying that Andrew, but the OP referred to Windows 
clients, he also has Linux clients, along with NIS and NFS. This means 
that he must maintain Linux users that are really Windows users, Linux 
Users that are authenticating from AD, NFS users that are authenticating 
to AD, NIS users that are authenticating to AD, finally I have no idea 
how or where the NIS groups are stored.

Sooner or later, Samba is going to drop SMBv1 and anything that relies 
on it will also disappear, not that this will really matter to the OP, 
because he is using 'security = ADS'. If he sets up the smb.conf 
correctly, His Windows clients will treat Linux machines as if they are 
Windows machines, he can get his Linux machines to behave as if they are 
Windows machines (so he will not need NIS) and NFS can easily 
authenticate to AD.

To be honest, I expect better of Universities, they are supposed to be 
places of learning, pity most of them do not seem to want to use new (if 
you can call AD new) and better ways


More information about the samba mailing list