I've spent a week or so banging my head against numerous issues with Samba and Winbind on our servers. I've read about SSSD, and used it to solve the AD connection issues on one of the servers. But I am still not clear on all the moving pieces.
What is the modern and correct method for allowing AD users to log in and administer your Linux servers? SSSD auto-configured via RealmD? Still Samba+Winbind?
What are the required components for an SSSD integration? Do I still need winbind configured and running? Do I still need the smb running and configured? Is it just SSSD, PAM and Kerberos?
I had to upgrade a server from Samba v3 to Samba v4 to get past the NT_CONNECTION_RESET error, but the rest of my Samba v3 servers are fine. What version are you running and why?
I've been reading a lot, trying to find my own answers, but no one seems to clearly explain what each piece is doing.
PAM is loading authentication modules, but why? To talk to Winbind, or Samba, or the AD server, or what?
NSSwitch defines where Linux checks for login info, but is that all it's doing?
Kerberos seems to make sense, but how does a ticket I get as an admin allow a user to authenticate? Are they getting their own tickets? Where are those stored?
What is the flow of login? NSSwitch>PAM>SSSD>Kerberos>SSSD>PAM>allowed?
Just wish it was a little simpler, I guess.