Dear sssd users,

I would like to get information about the use of sssd with samba (CentOS 7, samba 4.8.3).
I need it because I configured a samba share, accessible with sssd.
The authentication is against a Windows AD.

My /etc/nsswitch.conf is configured only with sssd:
passwd: files sss
shadow: files sss
group: files sss
For another purpose, I set up sftpd access, also configured with sssd against the AD.

I followed some discussions on the samba user list about samba + sssd.
I would like to understand if there are some issues with sssd and samba 4.8.3 on CentOS 7?
Or is it with the next RHEL 8?

The RHEL 8 documentation states this:

"Red Hat only supports running Samba as a server with the winbindd service to provide domain users and groups to the local system. Due to certain limitations, such as missing Windows access control list (ACL) support and NT LAN Manager (NTLM) fallback, SSSD is not supported."
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/assembly_using-samba-as-a-server_deploying-different-types-of-servers

What's confusing is that the RHEL 7 documentation says:

"Prior to Red Hat Enterprise Linux 7.1, only Winbind provided this functionality. In Red Hat Enterprise Linux 7.1 and later, you no longer need to run Winbind and SSSD in parallel to access SMB shares. For example, accessing the Access Control Lists (ACLs) no longer requires Winbind on SSSD clients."

and

"4.2.2. Determining Whether to Use SSSD or Winbind for SMB Shares
For most SSSD clients, using SSSD is recommended:"

and most worrisome, in my use case:

"In environments with direct Active Directory integration where the clients use SSSD for general Active Directory user mappings, using Winbind for the SMB ID mapping instead of SSSD can result in inconsistent mapping."

In my case, running samba 4.8.3 with SSSD on CentOS 7, do I need to:
- enable and start the winbind service, in conjunction with sssd?
- or is sssd alone enough with samba?
- Do I have to fear issues in the next release of sssd for the support of samba, especially for ACL support?

An nsswitch.conf like:
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
or
passwd: files winbind sss
shadow: files winbind sss
group: files winbind sss
does not seem to work... I tested it and it is not stable.

Best Regards,
Edouard