[Samba] sssd-ad cannot be installed with sernet samba

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 08:03:16 MDT 2015 

On 02/04/15 14:56, buhorojo wrote:
> On 02/04/15 15:45, Rowland Penny wrote:
>> On 02/04/15 14:35, buhorojo wrote:
>>> On 02/04/15 14:56, Rowland Penny wrote:
>>>> On 02/04/15 13:38, buhorojo wrote:
>>>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>>>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just 
>>>>>>>>>>>>>> created it.
>>>>>>>>>>>>>> ( and this is not needed on a DC ! )
>>>>>>>>>>>>> So you are telling us that something that returns:
>>>>>>>>>>>>> /bin/false
>>>>>>>>>>>>>  when:
>>>>>>>>>>>>> /bin/bash
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> WHERE is the output from getent wrong ?
>>>>>>>
>>>>>>> Please read the thread. One example is given above.
>>>>>>> Thanks. It really doesn't matter;)
>>>>>>>
>>>>>>
>>>>>> OK, I have re-read the thread, I cannot find one example of the 
>>>>>> errors you get when using samba with the winbind backend, loads 
>>>>>> of errors when trying to install sssd with sernet packages, but 
>>>>>> no actual winbind errors.
>>>>> Once again:
>>>>> winbind gives /bin/false
>>>>> sssd gives /bin/bash
>>>>> The user has:
>>>>> loginShell: /bin/bash
>>>>>
>>>>> If it doesn't matter for you, don't worry!
>>>>>
>>>>>
>>>>
>>>> That is *NOT* an error, that is the way the winbind built into the 
>>>> samba daemon works, it does not pull anything else from AD other 
>>>> than the users uidNumber and the gidNumber of their primary group.
>>>> There is a work round involving the 'template' directories that can 
>>>> be set in smb.conf, these affect everybody that connects to the 
>>>> machine it is set on, per user settings cannot be set.
>>>>
>>>> It is one of the reasons against using the DC as a file server, but 
>>>> there are others. People have complained about the hard drive 
>>>> filling up until the DC is restarted, there have also been problems 
>>>> with excessive use of memory.
>>>>
>>>> I will put it this way, which part of the following statement do 
>>>> you not understand ?
>>>>
>>>> *We _do not recommend_ using the Domain Controller as a file Server*.
>>>>
>>>
>>> We run scripts which require accurate nss information. So, no 
>>> worries. On our machines, sssd works fine. winbind doesn't.
>>>
>>> Rowland, wasn't it you who asked the developers how much work it 
>>> would cost them to (to use your term) 'pull' unixHomeDirectory and 
>>> loginShell from AD using winbind? You seemed misled that it was to 
>>> be made available in the next version. It seems that the developers 
>>> themselves regretted that it wouldn't be.
>>>
>>
>> If you use samba as recommended, winbind will do all that sssd does 
>> for authentication.
> But not what we want of it.
>>
>> Yes I did ask, but I had it explained to me why it didn't yet work,
> And it still, 'doesn't yet work'.
>> I was also told that sssd is *not* a samba component and not to ask 
>> questions about it here on the *SAMBA* mailing list.
>>
>> Rowland
>>
> LOL. Slapped wrists indeed!
>


           ******************************************************
* *
           *                    Please do not feed the 
Troll                    *
* *
           ******************************************************

More information about the samba mailing list