[Samba] is SFU home directories an easy development?
Andrew Bartlett
abartlet at samba.org
Sun Dec 7 00:56:46 MST 2014
On Fri, 2014-12-05 at 20:11 +0000, Rowland Penny wrote:
> On 05/12/14 19:52, Andrew Bartlett wrote:
> > On Sun, 2014-11-30 at 12:52 +0000, Rowland Penny wrote:
> >
> >>> Steve (the doesn't want to work weekends one)
> >> Well, I agree with a lot of what he said, but not the way he said it,
> >> what I definitely agree with, is that the samba devs seem to be ignoring
> >> the platform that S4 is mainly running on, something they could easily
> >> change by just getting winbindd to pull **ALL** the RFC2307 attributes.
> > Rowland,
> >
> > Please don't say things are easy without enclosing the patch, or the
> > example re-configuration. For Samba 4.2, I'm simply glad to have been
> > able to deprecate the built in winbind. That was the only goal I had -
> > change the implementation, without changing the behaviour. Even then,
> > we have a blocker bug 10720 - "error: Unable to convert first SID" that
> > almost scuttled the whole idea.
> >
> > For better or worse, the idmap and nss codepaths in winbind are entirely
> > separate, so while conceptually connected, the practice is a little more
> > complex. How much more I'm sure you can tell me when you get back to me
> > with a patch, or an example config. Then, we can start on the equally
> > difficult path of deciding how/when to change the defaults, because
> > breaking existing systems on upgrade also isn't fair.
> >
> > In the meantime, please drop this, or open a commercial support case
> > with a vendor. Repeating this over and over isn't helping.
> >
> > Andrew Bartlett
> >
> OK Andrew, I accept what you are saying, I am only a 'user' and do not
> know how to write C code, but until you wrote 'the idmap and nss
> codepaths in winbind are entirely separate', I was not aware that this
> is the problem. I thought (erroneously, it would seem) that because
> 'winbindd' pulled (or seemed to) all the RFC2307 attributes on a member
> server and when used on the AD DC pulled only the users 'uidNumber' &
> 'gidNumber',
Can you remind me if you have tried using the same configuration you
used on the member server on the AD DC, and seen if it worked. Allowing
this was the intention, but as I say, not the current goal (setting
limited, sometimes very limited, goals has been the best way to avoid
this whole endeavour being over-whelming).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list