[Samba] sssd-ad cannot be installed with sernet samba

L.P.H. van Belle belle at bazuin.nl
Thu Apr 2 08:45:20 MDT 2015 

but still no answers can be given correctly, because of no smb.conf is posted by buhorojo.
so question post you :
smb.conf
nsswitch.conf
idmap.conf 


I still bet your setup is wrong. 

What is the samba backend your using. ??
Ad or Rid ? 

I'l answere right now.... 

RID => use the template config in smb.conf
	this gives UID/GID AND homedir. 

AD => configure NIS extentions. 
	this gives uid/gid AND homedir.

both work for me with getent passwd / wbinfo -u / id username 
all give me the correct info.. 


Greetz, 

Louis




 

>-----Oorspronkelijk bericht-----
>Van: buhorojo.lcb at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens buhorojo
>Verzonden: donderdag 2 april 2015 16:26
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] sssd-ad cannot be installed with sernet samba
>
>On 02/04/15 16:03, Rowland Penny wrote:
>> On 02/04/15 14:56, buhorojo wrote:
>>> On 02/04/15 15:45, Rowland Penny wrote:
>>>> On 02/04/15 14:35, buhorojo wrote:
>>>>> On 02/04/15 14:56, Rowland Penny wrote:
>>>>>> On 02/04/15 13:38, buhorojo wrote:
>>>>>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>>>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>>>>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>>>>>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>>>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, 
>>>>>>>>>>>>>>>> just created it.
>>>>>>>>>>>>>>>> ( and this is not needed on a DC ! )
>>>>>>>>>>>>>>> So you are telling us that something that returns:
>>>>>>>>>>>>>>> /bin/false
>>>>>>>>>>>>>>>  when:
>>>>>>>>>>>>>>> /bin/bash
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> WHERE is the output from getent wrong ?
>>>>>>>>>
>>>>>>>>> Please read the thread. One example is given above.
>>>>>>>>> Thanks. It really doesn't matter;)
>>>>>>>>>
>>>>>>>>
>>>>>>>> OK, I have re-read the thread, I cannot find one 
>example of the 
>>>>>>>> errors you get when using samba with the winbind 
>backend, loads 
>>>>>>>> of errors when trying to install sssd with sernet 
>packages, but 
>>>>>>>> no actual winbind errors.
>>>>>>> Once again:
>>>>>>> winbind gives /bin/false
>>>>>>> sssd gives /bin/bash
>>>>>>> The user has:
>>>>>>> loginShell: /bin/bash
>>>>>>>
>>>>>>> If it doesn't matter for you, don't worry!
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> That is *NOT* an error, that is the way the winbind 
>built into the 
>>>>>> samba daemon works, it does not pull anything else from AD other 
>>>>>> than the users uidNumber and the gidNumber of their 
>primary group.
>>>>>> There is a work round involving the 'template' directories that 
>>>>>> can be set in smb.conf, these affect everybody that connects to 
>>>>>> the machine it is set on, per user settings cannot be set.
>>>>>>
>>>>>> It is one of the reasons against using the DC as a file server, 
>>>>>> but there are others. People have complained about the 
>hard drive 
>>>>>> filling up until the DC is restarted, there have also been 
>>>>>> problems with excessive use of memory.
>>>>>>
>>>>>> I will put it this way, which part of the following statement do 
>>>>>> you not understand ?
>>>>>>
>>>>>> *We _do not recommend_ using the Domain Controller as a 
>file Server*.
>>>>>>
>>>>>
>>>>> We run scripts which require accurate nss information. So, no 
>>>>> worries. On our machines, sssd works fine. winbind doesn't.
>>>>>
>>>>> Rowland, wasn't it you who asked the developers how much work it 
>>>>> would cost them to (to use your term) 'pull' 
>unixHomeDirectory and 
>>>>> loginShell from AD using winbind? You seemed misled that 
>it was to 
>>>>> be made available in the next version. It seems that the 
>developers 
>>>>> themselves regretted that it wouldn't be.
>>>>>
>>>>
>>>> If you use samba as recommended, winbind will do all that 
>sssd does 
>>>> for authentication.
>>> But not what we want of it.
>>>>
>>>> Yes I did ask, but I had it explained to me why it didn't yet work,
>>> And it still, 'doesn't yet work'.
>>>> I was also told that sssd is *not* a samba component and 
>not to ask 
>>>> questions about it here on the *SAMBA* mailing list.
>>>>
>>>> Rowland
>>>>
>>> LOL. Slapped wrists indeed!
>>>
>>
>>
>>           ******************************************************
>> * *
>>           *                    Please do not feed the 
>> Troll                    *
>> * *
>>           ******************************************************
>>
>>
>No. Just trying to get some answers which may help us move forward. A 
>different POV. No more.
>B.
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list