Hi Marc, ok it looks like anything will work on an S4 server apart from winbind ;-)
My working /etc/sssd/sssd.conf on the S4 server is: [sssd] config_file_version = 2 domains = example.com services = nss, pam [nss] [pam] [domain/example.com] description = AD domain with Samba 4 server cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap krb5_realm = EXAMPLE.COM ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_object_class = group ldap_group_name = sAMAccountName Thats it, no special user, no passwords, it just works, I haven't found any problems yet, touch wood. And when 1.10.0 gets released (it's in beta at the moment) it gets even better: [sssd] config_file_version = 2 domains = example.com services = nss, pam [nss] [pam] [domain/example.com] description = AD domain with Samba 4 server cache_credentials = true enumerate = False id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad Rowland On 24 June 2013 17:21, Marc Muehlfeld <[email protected]> wrote: > Hello Rowland, > > Am 24.06.2013 12:26, schrieb Rowland Penny: > > As far as I can see, the only way to get getent on the S4 server to show >> groupmembers is to use sssd >> > > nslcd works great for that job here, too. > > > The nslcd.conf is almost the same like I wrote here: > http://wiki.samba.org/index.**php/Samba4/beyond#Nslcd:_User.** > 2FGroups_from_AD_through_**openLDAP_proxy<http://wiki.samba.org/index.php/Samba4/beyond#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy> > > > I'll publish the nslcd config for directly getting the data from AD, the > next days in the wiki, too. > > > > Regards, > Marc > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
