[Samba] sssd-ad cannot be installed with sernet samba

Andrey Repin anrdaemon at yandex.ru
Thu Apr 2 11:14:09 MDT 2015 

Greetings, Rowland Penny!

>> Once again:
>> winbind gives /bin/false
>> sssd gives /bin/bash
>> The user has:
>> loginShell: /bin/bash
>>
>> If it doesn't matter for you, don't worry!
>>
>>

> That is *NOT* an error,

NSS backend outright lying to the user is not a bug?
What is it then? A butterfly?
You're making so little sense, I begin to doubt your qualification.

> that is the way the winbind built into the samba
> daemon works, it does not pull anything else from AD other than the 
> users uidNumber and the gidNumber of their primary group.
> There is a work round involving the 'template' directories that can be 
> set in smb.conf, these affect everybody that connects to the machine it 
> is set on, per user settings cannot be set.

That is a direct contradiction to the very idea of having a single
authoritative user management database.
Or, if you like, I can compress the previous phrase into one word, starting
with "b".

> It is one of the reasons against using the DC as a file server,

How's setting winbind on a member server would alter the outcome?

> but there are others. People have complained about the hard drive filling up
> until the DC is restarted, there have also been problems with excessive 
> use of memory.

That's clearly indicate bugs breeding and multiplying in the application.
Instead of telling people "oh, just don't do it", why not fix the bugs?

> I will put it this way, which part of the following statement do you not 
> understand ?

> *We _do not recommend_ using the Domain Controller as a file Server*.

So, you are recommending to not use domain controller at all, I got it right?
Because a system that does nothing at all, just sitting there and grinning,
is an useless junk and should be discarded as soon as possible.

> As taken from the DC page on the samba wiki.

> I have no worries about using windbind, it works for me because I use it 
> as recommended, it would seem that you are the one with the worries.

So, you are not using your linux servers for terminal access?
SSH/SFTP/Git/whatever?
That explains your ignorance.


-- 
With best regards,
Andrey Repin
Thursday, April 2, 2015 20:04:41

Sorry for my terrible english...

More information about the samba mailing list