[Samba] Winbind troubles

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Jul 23 07:53:28 MDT 2013

On Tue, 2013-07-23 at 14:20 +0100, Rowland Penny wrote:
> OK, the documentation is better but people still get it wrong probably
> because it is more complex than it needs to be, I personally find it
> easier to set sssd up, but that is just me. 
> Why use a word like orthogonal? Just who knows what orthogonal means?
> I have only been speaking English for 56 years and have never used
> that word in a sentence, just say what you mean and do not hide behind
> gobbledygook.

Orthogonal is a single word, is precise and describes what is required
exactly. It has been in my vocabulary for approaching 30 years. Non-
overlapping range is three words and more characters as well. I was not
aware that Newspeak was now a requirement for posting on this list.

> From what I can see the BUILTIN uids come from windows (and are called
> SIDs) and there they are set in stone.

The SIDs are set in stone, they have no UIDs set in stone. Winbind, to
work, allocates a UID to them in its allocatable (usually local)
database. There must be no conflicts between these allocated UIDs and
the UIDs in the domain, hence the requirement that the ranges given to
winbind be orthogonal.

> from the sssd-1.9.0 announcement
>   - Add a new PAC responder for dealing with cross-realm Kerberos
> trusts

Well that's relatively new (aka less than a year old). I guess not that
many enterprise distributions will carry it (though RHEL 6.4 does).

What gets me is people claiming that half a dozen lines of configuration
in smb.conf is more complicated than 30+ lines of configuration in an
entirely separate configuration file in addition to several lines in
smb.conf. It might be more performant, it might have fewer bugs etc. but
it is absolutely not simpler to configure.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

