On Mon, 2013-06-24 at 18:21 +0200, Marc Muehlfeld wrote: > Hello Rowland, > > Am 24.06.2013 12:26, schrieb Rowland Penny: > > As far as I can see, the only way to get getent on the S4 server to show > > groupmembers is to use sssd > > nslcd works great for that job here, too.
Hi nslcd is simplicity itself but we couldn't get it going for nested groups. Also it doesn't do dynamic dns updates, which sssd throws in for free and unless you use nscd, it's slow. Maybe your wiki could include the config for kerberised binds to the S4 ldap? This is all you need: /etc/nslcd.conf uid nslcd gid nslcd uri ldap://your.f.q.d.n base dc=foo,dc=bar map passwd uid samAccountName map passwd homeDirectory unixHomeDirectory sasl_mech GSSAPI sasl_realm YOUR.REALM krb5_ccname /tmp/nslcd.tkt Hope you get a chance to have a play with sssd. It would be good to hear other views on how it compares with winbind and nslcd. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba