[Samba] sssd-ad cannot be installed with sernet samba

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 07:45:53 MDT 2015


On 02/04/15 14:35, buhorojo wrote:
> On 02/04/15 14:56, Rowland Penny wrote:
>> On 02/04/15 13:38, buhorojo wrote:
>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just 
>>>>>>>>>>>> created it.
>>>>>>>>>>>> ( and this is not needed on a DC ! )
>>>>>>>>>>> So you are telling us that something that returns:
>>>>>>>>>>> /bin/false
>>>>>>>>>>>  when:
>>>>>>>>>>> /bin/bash
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> WHERE is the output from getent wrong ?
>>>>>
>>>>> Please read the thread. One example is given above.
>>>>> Thanks. It really doesn't matter;)
>>>>>
>>>>
>>>> OK, I have re-read the thread, I cannot find one example of the 
>>>> errors you get when using samba with the winbind backend, loads of 
>>>> errors when trying to install sssd with sernet packages, but no 
>>>> actual winbind errors.
>>> Once again:
>>> winbind gives /bin/false
>>> sssd gives /bin/bash
>>> The user has:
>>> loginShell: /bin/bash
>>>
>>> If it doesn't matter for you, don't worry!
>>>
>>>
>>
>> That is *NOT* an error, that is the way the winbind built into the 
>> samba daemon works, it does not pull anything else from AD other than 
>> the users uidNumber and the gidNumber of their primary group.
>> There is a work round involving the 'template' directories that can 
>> be set in smb.conf, these affect everybody that connects to the 
>> machine it is set on, per user settings cannot be set.
>>
>> It is one of the reasons against using the DC as a file server, but 
>> there are others. People have complained about the hard drive filling 
>> up until the DC is restarted, there have also been problems with 
>> excessive use of memory.
>>
>> I will put it this way, which part of the following statement do you 
>> not understand ?
>>
>> *We _do not recommend_ using the Domain Controller as a file Server*.
>>
>
> We run scripts which require accurate nss information. So, no worries. 
> On our machines, sssd works fine. winbind doesn't.
>
> Rowland, wasn't it you who asked the developers how much work it would 
> cost them to (to use your term) 'pull' unixHomeDirectory and 
> loginShell from AD using winbind? You seemed misled that it was to be 
> made available in the next version. It seems that the developers 
> themselves regretted that it wouldn't be.
>

If you use samba as recommended, winbind will do all that sssd does for 
authentication.

Yes I did ask, but I had it explained to me why it didn't yet work, I 
was also told that sssd is *not* a samba component and not to ask 
questions about it here on the *SAMBA* mailing list.

Rowland



More information about the samba mailing list