[Samba] idmap & migration to rfc2307
Michael Adam
obnox at samba.org
Sun Nov 8 22:40:06 UTC 2015
On 2015-11-08 at 22:50 +0100, buhorojo wrote:
> On 08/11/15 21:01, Michael Adam wrote:
> >On 2015-11-08 at 20:34 +0100, buhorojo wrote:
> >>sssd's uses its own implementation of winbind
> >I repeat: sssd does not implement winbind.
> >It implements some parts of the winbind protocol.
> >It is not a drop-in replacement for winbind(d).
> >And the ad-dc forcefully uses winbindd anyways,
> No, it is not forced. It can be disabled.
Of course you can disable the server service.
But then you have neither a supported nor a
fully functional AD/DC setup. :-)
> >so sssd is not at all an option.
> No? What it does do is just work.
No. It does not work for the internals of the ad/dc.
It may work in nsswitch.
And did I mention this is neither a support
nor an advocating forum for sssd?
> winbind doesn't. It is unfair
> on the OP to insist it does.
What does "OP" mean?
Oh, and it is also unfair to always insist an
external unsupported server just works, instead
of addressing the points being discussed.
> >>and _always_ retrieves the same id from AD. Repeat, _always_.
> >>Currently it and nslcd are the only way to obtain full rfc2307
> >>and consistent ids on DCs. Neither winbind nor
> >>winbindd can do so.
> >Sure. winbindd can do it.
> Sorry but you are wrong. On a DC it can't.
If it does not fully work, then we need to fix that.
And as you so nicely pointed out earlier yourself
(for sssd in that case...), instead of recommending
the use of an unsupported external application,
please submit a bug report at https://bugzilla.samba.org/ .
:-)
Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20151108/e3252a21/signature.sig>
More information about the samba
mailing list