Comprehensive re-write of the classicupgrade HowTo and other changes

steve steve at steve-ss.com
Tue Jun 3 04:00:24 MDT 2014 

On Mon, 2014-06-02 at 22:23 +0200, Jakub Hrozek wrote:
> On Sun, 2014-06-01 at 16:35 +0200, steve wrote:
> > On Sun, 2014-06-01 at 15:57 +0200, Jakub Hrozek wrote:
> > > On Thu, 2014-05-29 at 22:52 +0200, steve wrote:
> > > > Thanks.
> > > > We still object to:
> > > > '. . .if your domain was provisioned with the --rfc2307 option . .'
> > > > Repeat, you do not need to provision with --rfc2307 option. The default
> > > > schema already allows for rfc2307 and so sssd works perfectly well
> > > > without it. All the necessary posix attributes can be managed with
> > > > samba-tool, ldbedit or ldbmodify. You may wish to add that provisioning
> > > > with --rfc2307 is necessary only should you wish to manage said from
> > > > ADUC.
> > > > Steve
> > > > 
> > > 
> > > Does this sentence sound better to you?
> > > 
> > > https://wiki.samba.org/index.php?title=Local_user_management_and_authentication%2Fsssd&diff=8913&oldid=8912
> > > 
> > > (I believe there was a mid-air collision between me implementing
> > > Rowland' corrections and someone else correcting the RFC2307 details,
> > > hope I didn't remove any content)
> > > 
> > It's still misleading. How about:
> > 
> > At the same time, provisioning with --rfc2307 is only necessary should
> > you wish to manage it from windows. rfc2307 is available out of the box
> > and can be managed samba-tool and all the usual ldb tools.
> > 
> 
> I don't feel comfortable enough with deploying Samba on the server side
> to assess if the above is accurate and well-worded, sorry.
> 
> Marc, could you help me out here? IIRC you contributed the --rfc2307
> part..
> 
> > If you do not wish to store your rfc2307 information in AD at all, SSSD
> > also supports algorithmic ID-mapping. Moreover, certain POSIX attributes
> > such as home directory or shell can be set on the client side. For
> > further information about RFC2307, see the:
> > [[Using_RFC2307_on_a_Samba_DC|Using RFC2307 on a Samba DC]] HowTo.
> 
> The above sounds good to me, except the "in AD" part. Shouldn't that
> read "in Samba" or "on the server side" ?
> 
> > 
> > Acceptable?
> > Steve
> 
> Thanks for checking out the wiki page!
> 

The wording has nothing to do with sssd. The wiki implies that it is
necessary to provision a Samba 4 AD domain with --rfc2307 if you wish to
store rfc2307 in AD. This is not the case.

More information about the samba-technical mailing list