[Samba] RHEL 8.8 sssd & winbind coexistence
Rowland Penny
rpenny at samba.org
Fri Jun 14 17:53:17 UTC 2024
On Fri, 14 Jun 2024 10:38:37 -0500
E R via samba <samba at lists.samba.org> wrote:
> Is it still considered best practice to uninstall sssd to ensure there
> are no conflicts with winbind? I ask because Red Hat is installing
> sssd by default even on a minimal install of RHEL 8.8 (may apply to
> earlier releases of RHEL 8). This caught me off guard as MINIMAL is
> supposed to mean something... ::sigh::
>
> I only discovered this by accident when checking to ensure the
> /etc/nsswitch.conf was proper and noticed sssd was there AFTER
> winbind!
>
> # yum list installed | grep sssd
>
> sssd-client.x86_64 2.8.2-2.el8
> @anaconda
> sssd-common.x86_64 2.8.2-2.el8
> @anaconda
> sssd-kcm.x86_64 2.8.2-2.el8
> @anaconda
> sssd-nfs-idmap.x86_64 2.8.2-2.el8
> @anaconda
>
> The @anaconda means the installer did this but even so I did a clean
> install to confirm as well.
>
The thing about sssd and winbind is that they basically do the same
thing (not surprising, they were originally written mostly by the same
person).
If you just want authentication, then sssd is great at that, but if you
want file shares, then you need smbd and in a domain that means winbind.
Now if you are running winbind, there is no point to running sssd as
well, it is just another program to configure. There is also the
problem that unless sssd is configured correctly, it will change the
machine password when required (usually monthly), but winbind will also
attempt to change the machine password and then fall over when it
cannot.
It is up to the sysadmin to run the program of their choice, but, as I
said, if winbind is involved, then there really isn't any point in
running sssd.
Rowland
More information about the samba
mailing list