[Samba] sssd-ad cannot be installed with sernet samba

buhorojo buhorojo.lcb at gmail.com
Thu Apr 2 08:25:49 MDT 2015 

On 02/04/15 16:03, Rowland Penny wrote:
> On 02/04/15 14:56, buhorojo wrote:
>> On 02/04/15 15:45, Rowland Penny wrote:
>>> On 02/04/15 14:35, buhorojo wrote:
>>>> On 02/04/15 14:56, Rowland Penny wrote:
>>>>> On 02/04/15 13:38, buhorojo wrote:
>>>>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>>>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>>>>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, 
>>>>>>>>>>>>>>> just created it.
>>>>>>>>>>>>>>> ( and this is not needed on a DC ! )
>>>>>>>>>>>>>> So you are telling us that something that returns:
>>>>>>>>>>>>>> /bin/false
>>>>>>>>>>>>>>  when:
>>>>>>>>>>>>>> /bin/bash
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> WHERE is the output from getent wrong ?
>>>>>>>>
>>>>>>>> Please read the thread. One example is given above.
>>>>>>>> Thanks. It really doesn't matter;)
>>>>>>>>
>>>>>>>
>>>>>>> OK, I have re-read the thread, I cannot find one example of the 
>>>>>>> errors you get when using samba with the winbind backend, loads 
>>>>>>> of errors when trying to install sssd with sernet packages, but 
>>>>>>> no actual winbind errors.
>>>>>> Once again:
>>>>>> winbind gives /bin/false
>>>>>> sssd gives /bin/bash
>>>>>> The user has:
>>>>>> loginShell: /bin/bash
>>>>>>
>>>>>> If it doesn't matter for you, don't worry!
>>>>>>
>>>>>>
>>>>>
>>>>> That is *NOT* an error, that is the way the winbind built into the 
>>>>> samba daemon works, it does not pull anything else from AD other 
>>>>> than the users uidNumber and the gidNumber of their primary group.
>>>>> There is a work round involving the 'template' directories that 
>>>>> can be set in smb.conf, these affect everybody that connects to 
>>>>> the machine it is set on, per user settings cannot be set.
>>>>>
>>>>> It is one of the reasons against using the DC as a file server, 
>>>>> but there are others. People have complained about the hard drive 
>>>>> filling up until the DC is restarted, there have also been 
>>>>> problems with excessive use of memory.
>>>>>
>>>>> I will put it this way, which part of the following statement do 
>>>>> you not understand ?
>>>>>
>>>>> *We _do not recommend_ using the Domain Controller as a file Server*.
>>>>>
>>>>
>>>> We run scripts which require accurate nss information. So, no 
>>>> worries. On our machines, sssd works fine. winbind doesn't.
>>>>
>>>> Rowland, wasn't it you who asked the developers how much work it 
>>>> would cost them to (to use your term) 'pull' unixHomeDirectory and 
>>>> loginShell from AD using winbind? You seemed misled that it was to 
>>>> be made available in the next version. It seems that the developers 
>>>> themselves regretted that it wouldn't be.
>>>>
>>>
>>> If you use samba as recommended, winbind will do all that sssd does 
>>> for authentication.
>> But not what we want of it.
>>>
>>> Yes I did ask, but I had it explained to me why it didn't yet work,
>> And it still, 'doesn't yet work'.
>>> I was also told that sssd is *not* a samba component and not to ask 
>>> questions about it here on the *SAMBA* mailing list.
>>>
>>> Rowland
>>>
>> LOL. Slapped wrists indeed!
>>
>
>
>           ******************************************************
> * *
>           *                    Please do not feed the 
> Troll                    *
> * *
>           ******************************************************
>
>
No. Just trying to get some answers which may help us move forward. A 
different POV. No more.
B.

More information about the samba mailing list