Reintroduce netgroups support?
scabrero at samba.org
Tue Jun 7 13:45:57 UTC 2022
On Tue, 2022-06-07 at 22:08 +1200, Andrew Bartlett via samba-technical
> On Fri, 2022-06-03 at 09:53 -0700, Jeremy Allison via samba-technical
> > On Fri, Jun 03, 2022 at 12:00:16PM +0200, Samuel Cabrero via samba-
> > technical wrote:
> > > Hi,
> > >
> > > I have received some complains after we dropped netgroups support
> > > in
> > > Samba 4.15.0. Our release notes only mention we dropped NIS but
> > > netgroups went with it.
> > >
> > > Some people still use netgroups without NIS, stored in LDAP and
> > > made
> > > available to the system through nss_sss, but it is also possible
> > > to
> > > use
> > > /etc/netgroups.
> > >
> > > I had a look to the removed code and I think it is possible to
> > > reintroduce netgroups support independently from NIS, using the
> > > getdomainname() function from glibc instead of
> > > yp_get_default_domain()
> > > from libnsl.
> > >
> > > Should we bring back netgroups support?
> > If you can do it to help a customer without an extra
> > support burdon, then go for it !
Certainly this is the case and the reason of this thread, the complains
come from a SLE customer.
> > I will help review the code.
> I agree. It is a hard line to find but I'm sorry we got too
> pulling stuff that folks were using.
> There is still a real use case for Samba that isn't all AD domains,
> matter how much I love them, and a set of administrators who have
> with us for decades now that have Samba working just how they want
> We removed it because the supporting libraries were going away, but
> looking over the code I see how netgroups could be quite handy,
> because they are not unix groups.
Yes, it looks like some deployments are still using them. I have partly
reverted the patches removing NIS support to bring back only netgroups
and created a bug for the backports.
More information about the samba-technical