SSSD vs Winbind

In a previous post, I compared the features and capabilities of Samba winbind and SSSD. In this post, I will focus on formulating a set of criteria for how to choose between SSSD and winbind. In general, my recommendation is to choose SSSD... but there are some notable exceptions.

• The first exception is if you have a deployment of Linux systems that are already leveraging Samba winbind for integration purposes. While, in this scenario, it might be cost prohibitive to switch to SSSD – you might eventually consider switching off Samba winbind due to changing / shifting requirements. In such cases we recommend engaging with a Red Hat representative to receive an overview of the latest integration capabilities (...as SSSD and IdM technologies are actively being developed – each incorporating additional features and capabilities over time).
• The second exception is if you use Active Directory (AD) with the NTLM protocol enabled and fallback to NTLM authentication is still a requirement for your environment. In this scenario, winbind is a better choice as SSSD does not support the NTLM protocol.
• The third exception is if SSSD fails to support a specific feature that you require (i.e. one that winbind supports); indeed, not all use cases are addressed in the same way between SSSD and winbind. For example, SSSD does not support cross forest AD trusts when connected directly to AD (and winbind does). However, in this example, the work around is to use IdM. Being connected to IdM, SSSD recognizes other AD forests that are in trust relationships with the IdM domain. Irrespective, if there are specific features that you require, ones
  

  that SSSD fails to support, we’d be very interested to hear more about your needs.

Is Samba winbind

deprecated? The answer is most certainly: no. The reality is that there’s currently a shift in emphasis from one technology to another and, as always, Red Hat is committed to supporting features and components that are (already) widely adopted and deployed while also making sure we provide support for new deployments to select the best available option. Have you shifted from Samba winbind to SSSD? If not, what’s holding you back? Let me know what you think in the comments section below.