Am 23.09.21 um 09:57 schrieb Rowland Penny via samba:> > There appears to be two camps in red hat, one accepts that you > shouldn't use sssd with Samba >=4.8.0 , the other will not accept this. > Also if you do use sssd with Samba, there are numerous problems, one of > which is that RHEL 8 no longer has libpam-krb5I have to chime in here. I have said this before you can use sssd with Samba and Winbind. The Howtos are behind a paywall (well you don't have to pay just register) at RedHat. With idmap_sss https://access.redhat.com/solutions/3802321 And here without idmap_sss https://access.redhat.com/solutions/4290501 In the later case Auth is done by windbind. How this works without pam_krb I do not know but it works for us. Regards Christian -- Dr. Christian Naumer Vice President Unit Head Bioprocess Development BRAIN Biotech AG Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail cn at brain-biotech.com, homepage www.brain-biotech.com phone +49-6251-9331-30 / fax +49-6251-9331-11 Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Adriaan Moelker (Vorstandsvorsitzender), Lukas Linnig Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
On Thu, 2021-09-23 at 10:10 +0200, cn--- via samba wrote:> Am 23.09.21 um 09:57 schrieb Rowland Penny via samba: > > There appears to be two camps in red hat, one accepts that you > > shouldn't use sssd with Samba >=4.8.0 , the other will not accept > > this. > > Also if you do use sssd with Samba, there are numerous problems, > > one of > > which is that RHEL 8 no longer has libpam-krb5 > > I have to chime in here. I have said this before you can use sssd > with > Samba and Winbind. The Howtos are behind a paywall (well you don't > have > to pay just register) at RedHat. > > With idmap_sss > > https://access.redhat.com/solutions/3802321 > > > And here without idmap_sss > > https://access.redhat.com/solutions/4290501 > > In the later case Auth is done by windbind. How this works without > pam_krb I do not know but it works for us.There you go, the left hand says you cannot use sssd with Samba and the right hand says you can, but no matter, that is red hat. Samba does not produce SSSD, so Samba cannot support it. By support, I mean fix errors in its code and advise users how to it, this is red hat's job. Rowland