[Samba] sssd-ad cannot be installed with sernet samba

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 11:28:34 MDT 2015

On 02/04/15 18:14, Andrey Repin wrote:
> Greetings, Rowland Penny!
>>> Once again:
>>> winbind gives /bin/false
>>> sssd gives /bin/bash
>>> The user has:
>>> loginShell: /bin/bash
>>> If it doesn't matter for you, don't worry!
>> That is *NOT* an error,
> NSS backend outright lying to the user is not a bug?
> What is it then? A butterfly?
> You're making so little sense, I begin to doubt your qualification.
>> that is the way the winbind built into the samba
>> daemon works, it does not pull anything else from AD other than the
>> user's uidNumber and the gidNumber of their primary group.
>> There is a work round involving the 'template' directories that can be
>> set in smb.conf, these affect everybody that connects to the machine it
>> is set on, per user settings cannot be set.
> That is a direct contradiction to the very idea of having a single
> authoritative user management database.
> Or, if you like, I can compress the previous phrase into one word, starting
> with "b".
>> It is one of the reasons against using the DC as a file server,
> How would setting winbind on a member server alter the outcome?
>> but there are others. People have complained about the hard drive filling up
>> until the DC is restarted, there have also been problems with excessive
>> use of memory.
> That clearly indicates bugs breeding and multiplying in the application.
> Instead of telling people "oh, just don't do it", why not fix the bugs?
>> I will put it this way, which part of the following statement do you not
>> understand ?
>> *We _do not recommend_ using the Domain Controller as a file Server*.
> So, you are recommending to not use domain controller at all, I got it right?
> Because a system that does nothing at all, just sitting there and grinning,
> is useless junk and should be discarded as soon as possible.
>> As taken from the DC page on the samba wiki.
>> I have no worries about using winbind, it works for me because I use it
>> as recommended, it would seem that you are the one with the worries.
> So, you are not using your linux servers for terminal access?
> SSH/SFTP/Git/whatever?
> That explains your ignorance.

Look, I am with you here, samba no matter where you use it should use 
the rfc2307 attributes if they are available, but they aren't all used 
on the DC. We will just have to wait until the devs get round to making 
the others work. It is no use complaining to me, I actually opened a bug 
on this for 4.2rc2 10886, perhaps if people add to this, something may 
happen, I don't know, I have no control over the devs.

