[Samba] samba4 and sssd/winbind and user mapping (we need examples)

L.P.H. van Belle belle at bazuin.nl
Tue Jan 28 01:46:43 MST 2014

I would like to use winbind, but..

When I look here,
there are so few real life examples.

I advised before that we need a configuration matrix with some real life examples.
This will give advantages for everybody: developer, installer, maintainer..
Why? We then have more of the same setup.
Easier to bugfix for the users/developers.
Easier to install and/or upgrade.

I'm pro using only the distro packages because of all of the upgrade and security fix advantages.
It's not allowed in my company to have compiling software on production servers.
Yes, I know here we are a bit off, but I don't care about that, that's what you prefer yourself..
Also, I'm also into leaving the Samba DC only as DC (and DNS slave in my case),
and on every DC you don't need winbind, which fixes lots of "winbind" (and/or sssd) problems.
Just install a domain member and put "winbind/sssd", whatever, on it, what you need.

So coming back to the winbind thingy, when I look on the wiki I'm really missing
some options, what we put in smb.conf in which case, and yes, maybe it doesn't belong there because we have manuals.
But not everybody knows everything and/or knows what it means, so that's why I'm pro real life examples.

I only see 1 thing on the wiki about what to put in the smb.conf:

template shell = /bin/bash 

Really.. that's it. Everybody knows how hard it is to set up something for the first time.
Why do we have lots of misconfigurations? Yes, because nobody really reads the manual AND understands it.

Just a suggestion: how about the people here post their config and setup (and anonymize it..)?
Just a thought..

I'm having a mixed domain.
Windows DNS/DHCP AD DC master, server 2008R2 in 2003 AD mode.
2 Samba4 DC servers with bind as backend, running Debian wheezy.
I'm using sernet 4.1.3 and Debian samba packages recompiled 4.1.3 from sid.

No user logs in on the Samba DC and because of that I don't need winbind, nss_ldap/nss-switch or sssd settings.
I only use the netlogon/sysvol shares on these servers. Only 1 Linux account logs in on these servers.

I have set up my DC like this; it's just the install after the join, I only added the printing part.
This is because I didn't like the CUPS error messages in my logs.

My samba DC config, very clean. 
        workgroup = ROTTERDAM
        realm = rotterdam.bazuin.nl
        netbios name = WS005-S4DC-001
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

#---- disable printing completely
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

So let's put lots of examples here and put a bit of explanation with it.
From there we can put nice configs together and put it on the wiki as a base setup from where you can start.

Greetz, and... oh, and let's be nice to one another, the world is already as bad as it is.
I like the Samba crew, so let's all be nice to them, they deserve it, and let's respect them.

