[Samba] sssd-ad cannot be installed with sernet samba
Harry Jede
walk2sun at arcor.de
Thu Apr 2 12:14:53 MDT 2015
On 19:54:24 wrote Andrey Repin:
> Greetings, Rowland Penny!
>
> >>> nss/winbind does work, yes, there is 1 missing file, just created
> >>> it. ( and this is not needed on a DC ! )
> >>
> >> So you are telling us that something that returns:
> >> /bin/false
> >>
> >> when:
> >> /bin/bash
> >> is specified in the database is a piece of software that is
> >> working?
> >
> > You only need a shell if you are logging into the DC and you
> > shouldn't be, the samba wiki couldn't be much plainer, it is not
> > recommended to use the DC as a fileserver!
>
> You can recommend whatever you like, the reality is that there's no
> spare hardware is coming my way alongside your recommendations.
> And I've been bitten by virtualization one time too many already to
> feel reluctant to implement it in production.
> Just check the last thread I started.
>
> > However, if you must use the DC as a fileserver, investigate the
> > 'template' lines for smb.conf
>
> I can't see, how it can make a difference, if I'm setting winbind on
> DC or a member server.
OK. You dont understand it. winbind exists in two incarnations. winbind
on samba dc, version 4.0.x and 4.1.x, winbindd (with two d) on all other
samba versions.
> The information is coming from same place -
> from AD.
Simply false. Read the docs.
Information may be stored in AD, passwd db, nis, idmap.ldb or computed
on the fly. Sometimes you have two stores at the same time.
> What makes it behave differently, if set on different
> server?
Different approaches for the same thing!! Mapping M$ identities to posix
identities could be quite complex.
--
Regards
Harry Jede
More information about the samba
mailing list