[Samba] sssd-ad cannot be installed with sernet samba
Rowland Penny
rowlandpenny at googlemail.com
Thu Apr 2 11:20:27 MDT 2015
On 02/04/15 18:02, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>> nss/winbind does work, yes, there is 1 missing file, just created it.
>>>> ( and this is not needed on a DC ! )
>>> So you are telling us that something that returns:
>>> /bin/false
>>> when:
>>> /bin/bash
>>> is specified in the database is a piece of software that is working?
>>>
>> You only need a shell if you are logging into the DC and you shouldn't
>> be, the samba wiki couldn't be much plainer, it is not recommended to
>> use the DC as a fileserver!
> You can recommend whatever you like, the reality is that there's no spare
> hardware is coming my way alongside your recommendations.
> And I've been bitten by virtualization one time too many already to feel
> reluctant to implement it in production.
> Just check the last thread I started.
I understand where you are coming from, been there, had to do that :-)
>
>> However, if you must use the DC as a fileserver, investigate the
>> 'template' lines for smb.conf
> I can't see, how it can make a difference, if I'm setting winbind on DC or a
> member server. The information is coming from same place - from AD.
> What makes it behave differently, if set on different server?
>
>
Because, whilst using rfc2307 attributes on a samba AD member server
will get you the contents of the 'unixHomeDirectory' & 'loginShell'
attributes, on the samba AD DC itself, you won't.
Rowland
More information about the samba
mailing list