[Samba] Documenting 'works great with Samba AD' (was: Re: Using Samba AD/DC as an Active Directory OAuth provider for OpenShift)
Andrew Bartlett
abartlet at samba.org
Sun Aug 23 03:09:59 UTC 2020
On Sat, 2020-08-22 at 16:31 -0400, Vincent S. Cojot via samba wrote:
> Hi Andrew, Hi Rowland,
>
> I just spent close to one hour debugging this with one OpenShift
> specialist from RedHat. What we figured was:
>
> 1) both of my configs work (auth and group-sync) and are in fact correct.
>
> 2) OCP group sync does not sync the groups that have no explicit 'member'
> Attribute or groups that are 'default' groups (E.g: 'Domain Users') where membership
> is through the primaryGroupID.
>
> So things are in fact working and they'll be reaching out to me because
> I'm one of the few guys with a working 'Active Directory' in his home/lab
> and they'd like to support ActiveDirectory in the Group Sync Operator
> they're writing upstream. :)
>
> Thank you for your help debugging this yesterday. I keep trying to
> evangelize Samba AD/DC internally to my peers and the level of help I
> received on that issue really makes the case for this type of setup.
> I will most likely write a post about this.
Thanks for the feedback. I thank you for your work, the more software
that is clearly documented as 'works great with Samba' the better for
Samba.
I also think it is awesome for the software we work with: one thing
that makes Samba really handy as an AD DC is that it can fit into
manual and CI testing of Linux-centric products like OpenShift,
standing in for Microsoft's AD reliably yet automating on par with the
rest of the system.
I look forward to your post, hopefully you can find a place to those
instructions.
More broadly, I would love to have curated 'works great with Samba AD'
page. With (links to) instructions about how to configure sssd (yes,
really), mod_auth_ntlm_winbind, mod_auth_kerb, Packetfence, Django,
Azure AD (stating known limitations) etc.
While for many tools it is 'just use like Windows AD', having a page
that confidently explains that it really works with Samba should help
our adoption, if only to show to higher-up management who are yet to be
convinced.
I don't have the time to write all this, but hit me up if you need
pages created in the wiki or the permission to do so!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list