[Samba] sssd-ad cannot be installed with sernet samba

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 06:56:28 MDT 2015

On 02/04/15 13:38, buhorojo wrote:
> On 02/04/15 14:09, Rowland Penny wrote:
>> On 02/04/15 12:41, buhorojo wrote:
>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just 
>>>>>>>>>> created it.
>>>>>>>>>> ( and this is not needed on a DC ! )
>>>>>>>>> So you are telling us that something that returns:
>>>>>>>>> /bin/false
>>>>>>>>>  when:
>>>>>>>>> /bin/bash
>>>> WHERE is the output from getent wrong ?
>>> Please read the thread. One example is given above.
>>> Thanks. It really doesn't matter;)
>> OK, I have re-read the thread, I cannot find one example of the 
>> errors you get when using samba with the winbind backend, loads of 
>> errors when trying to install sssd with sernet packages, but no 
>> actual winbind errors.
> Once again:
> winbind gives /bin/false
> sssd gives /bin/bash
> The user has:
> loginShell: /bin/bash
> If it doesn't matter for you, don't worry!

That is *NOT* an error, that is the way the winbind built into the samba 
daemon works, it does not pull anything else from AD other than the 
users uidNumber and the gidNumber of their primary group.
There is a work round involving the 'template' directories that can be 
set in smb.conf, these affect everybody that connects to the machine it 
is set on, per user settings cannot be set.

It is one of the reasons against using the DC as a file server, but 
there are others. People have complained about the hard drive filling up 
until the DC is restarted, there have also been problems with excessive 
use of memory.

I will put it this way, which part of the following statement do you not 
understand ?

*We _do not recommend_ using the Domain Controller as a file Server*.

As taken from the DC page on the samba wiki.

I have no worries about using windbind, it works for me because I use it 
as recommended, it would seem that you are the one with the worries.


More information about the samba mailing list