[Samba] Error when joining new DC
Peter Mittermayer
samba.lists at outlook.com
Tue Dec 17 10:10:28 UTC 2024
Hi Rowland,
Thanks, for your thoughts. I'll think about it.
br
________________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Tuesday, December 17, 2024 10:35 AM
To: samba at lists.samba.org
Cc: Rowland Penny
Subject: Re: [Samba] Error when joining new DC
On Tue, 17 Dec 2024 08:04:27 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
> If not using sssd, how do you join the clients to the domain? We are
> not using GPO, only user authentication and DNS.
>
> Due to security restrictions we are not able to install Samba
> packages on all the clients. Sssd is the simplest solution, and the
> only one recommended and officially supported by RedHat.
>
First all sssd gives you is authentication, something Samba can also
do, but Samba can give you something that sssd cannot, shares.
You do not actually use sssd to join, your are probably using realmd,
but in either case, this isn't really the mailing list to discuss sssd
or realmd, neither are Samba products, I suggest you ask on the
sssd-users mailing list about any problems with sssd.
To join a Samba machine to an AD domain, you would run 'net ads join'
after configuring the client.
In my opinion (for what is worth), you either install Samba or sssd,
never both, this mailing list can help you with any Samba problems.
As for your 'security restrictions', let me tell you a story.
A person wrote most of winbind for Samba, that person then went to work
for redhat, were they wrote most of sssd, basing it on, you guessed it,
winbind. This means that if you run sssd, you are running code that is
very similar to winbind, so which is more secure ? (bearing in mind
that you have to install some Samba packages to get sssd to work.)
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list