[Samba] sssd-ad cannot be installed with sernet samba
Rowland Penny
rowlandpenny at googlemail.com
Thu Apr 2 07:59:09 MDT 2015
On 02/04/15 14:37, Luca Olivetti wrote:
> El 02/04/15 a les 14:56, Rowland Penny ha escrit:
>
>> *We _do not recommend_ using the Domain Controller as a file Server*.
> I'm sorry to chime in again, but I have no intention of using the DC as
> a file server *but* I like to have the user mapping in place for other
> purposes (e.g. see the file ownership when I nfs mount the netapp storage).
> Since I already configured sssd in all member servers (in the test
> network, this isn't going to go live for a while) and winbind is not
> supposed to work on the DC (or so I read in this list) I simply thought
> that sssd was the natural solution.
>
> Bye
If the nfs mount is the DC, you are using the DC as a file server, but
if you are just using the DC for authentication, then winbind will do
what sssd does, you just need to set winbind correctly on the member
servers.
It isn't that winbind doesn't work on the DC, it is that, until 4.2,
winbind was built into the samba daemon and did not have the
capabilities of the standalone winbindd daemon. Unfortunately when 4.2
came out, it was found that though winbindd was now being used and some
of the problems had been solved, the unixhomedirectory & shell
attributes are still not available from AD. The devs seem to be
concentrating on getting the windows side working better/correctly
before any Unix problems, a mistake in my opinion, but they are writing
the code (something I couldn't do) and as such they get to say in which
direction to go (could be worse, LP could be one of the devs). I am sure
that the Unix winbindd problems will get fixed, I just unsure when :-)
Rowland
More information about the samba
mailing list