[Samba] LDAP + SSSD + Winbind group membership updating

a.moz at mailhaven.su a.moz at mailhaven.su
Sun May 18 11:56:28 UTC 2025 

Rowland Penny via samba wrote:

> If you are not going to be using SMBv1, then you you cannot use the
> samba.schema with openldap, as I said, what you are attempting is
> pretty much the same as setting up an NT4-style PDC and that requires
> SMBv1.

> This means that anything new that relies on SMBv1 is very probably
> going down the wrong street.

> By all means, but I suggest you do not lead people down a cul-de-sac.

##############
[root at JX-F-Stage-4 /]# smbstatus

Samba version 4.21.5
PID     Username     Group        Machine                                
    Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
915     [NVK.LOC]nomad domusers     192.168.88.147 
(ipv4:192.168.88.147:61990) SMB3_11           -                    
partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     
Encryption   Signing
---------------------------------------------------------------------------------------------
shared       915     192.168.88.147 Sun May 18 11:08:34 2025 UTC     -   
          -

#############

[root at JX-F-Stage-4 /]# net ads info
ads_startup_int: ads_connect_cldap_only: No logon servers are currently 
available to service the logon request.
Didn't find the ldap server!
[root at JX-F-Stage-4 /]# net ads join
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the 
domain.
[root at JX-F-Stage-4 /]# realm
bash: realm: command not found
[root at JX-F-Stage-4 /]# ldapsearch -H ldapi:// -Y EXTERNAL -b 
"cn=schema,cn=config" dn
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=schema,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#

# schema, config
dn: cn=schema,cn=config

# {0}core, schema, config
dn: cn={0}core,cn=schema,cn=config

# {1}cosine, schema, config
dn: cn={1}cosine,cn=schema,cn=config

# {2}inetorgperson, schema, config
dn: cn={2}inetorgperson,cn=schema,cn=config

# {3}nis, schema, config
dn: cn={3}nis,cn=schema,cn=config

# {4}samba, schema, config
dn: cn={4}samba,cn=schema,cn=config

# {5}dyngroup, schema, config
dn: cn={5}dyngroup,cn=schema,cn=config

# {6}msad_mod, schema, config
dn: cn={6}msad_mod,cn=schema,cn=config

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8

More information about the samba mailing list