Question: Should I use SSSD, or Samba and Winbind to integrate my Oracle Linux system with Active Directory?
All supported versions of Oracle Linux provide both SSSD and Samba with Winbind.
SSSD:
- does not support NTLM, but NTLM is insecure and obsolete
- is simpler to install (can be auto-configured using realmd)
- does more than just Active Directory (e.g. LDAP)
Samba/Winbind:
- is harder to secure due to its support for NTLM.
- does not support AD DNS Aging and Scavenging (i.e. detecting if DNS entries for servers that have been removed or updated)
- As of Oracle Linux 7, SSSD is the preferred tool, although Samba and Winbind remain fully supported.
Using SSSD for Active Directory is covered here: