[Samba] is SFU home directories an easy development?
rowlandpenny at googlemail.com
Sun Dec 7 02:12:52 MST 2014
On 07/12/14 07:56, Andrew Bartlett wrote:
> On Fri, 2014-12-05 at 20:11 +0000, Rowland Penny wrote:
>> On 05/12/14 19:52, Andrew Bartlett wrote:
>>> On Sun, 2014-11-30 at 12:52 +0000, Rowland Penny wrote:
>>>>> Steve (the doesn't want to work weekends one)
>>>> Well, I agree with a lot of what he said, but not the way he said it,
>>>> what I definitely agree with, is that the samba devs seem to be ignoring
>>>> the platform that S4 is mainly running on, something they could easily
>>>> change by just getting winbindd to pull **ALL** the RFC2307 attributes.
>>> Please don't say things are easy without enclosing the patch, or the
>>> example re-configuration. For Samba 4.2, I'm simply glad to have been
>>> able to deprecate the built in winbind. That was the only goal I had -
>>> change the implementation, without changing the behaviour. Even then,
>>> we have a blocker bug 10720 - "error: Unable to convert first SID" that
>>> almost scuttled the whole idea.
>>> For better or worse, the idmap and nss codepaths in winbind are entirely
>>> separate, so while conceptually connected, the practice is a little more
>>> complex. How much more I'm sure you can tell me when you get back to me
>>> with a patch, or an example config. Then, we can start on the equally
>>> difficult path of deciding how/when to change the defaults, because
>>> breaking existing systems on upgrade also isn't fair.
>>> In the meantime, please drop this, or open a commercial support case
>>> with a vendor. Repeating this over and over isn't helping.
>>> Andrew Bartlett
>> OK Andrew, I accept what you are saying, I am only a 'user' and do not
>> know how to write C code, but until you wrote 'the idmap and nss
>> codepaths in winbind are entirely separate', I was not aware that this
>> is the problem. I thought (erroneously, it would seem) that because
>> 'winbindd' pulled (or seemed to) all the RFC2307 attributes on a member
>> server and when used on the AD DC pulled only the user's 'uidNumber' &
> Can you remind me if you have tried using the same configuration you
> used on the member server on the AD DC, and seen if it worked. Allowing
> this was the intention, but as I say, not the current goal (setting
> limited, sometimes very limited, goals has been the best way to avoid
> this whole endeavour being overwhelming).
> Andrew Bartlett
Yes, I did use exactly the same winbind & idmap settings that worked on
a member server. My reasoning was, as 'winbindd' is supposed to be the
same daemon as used on the member server, you would set it up the same.
It did not pull the 'unixHomeDirectory' & 'loginShell' attributes, later
tests showed that the same results were obtained when the winbind & idmap
lines were removed from smb.conf.
Until you explained that two separate paths are pulled, I thought it
would be simple to fix (famous last words ;-) ), I will know better