[Samba] sssd-ad cannot be installed with sernet samba

buhorojo buhorojo.lcb at gmail.com
Thu Apr 2 12:25:53 MDT 2015

On 02/04/15 20:14, Harry Jede wrote:
> On 19:54:24 wrote Andrey Repin:
>> Greetings, Rowland Penny!
>>>>> nss/winbind does work, yes, there is 1 missing file, just created
>>>>> it. ( and this is not needed on a DC ! )
>>>> So you are telling us that something that returns:
>>>> /bin/false
>>>>   when:
>>>> /bin/bash
>>>> is specified in the database is a piece of software that is
>>>> working?
>>> You only need a shell if you are logging into the DC and you
>>> shouldn't be, the samba wiki couldn't be much plainer, it is not
>>> recommended to use the DC as a fileserver!
>> You can recommend whatever you like, the reality is that there's no
>> spare hardware coming my way alongside your recommendations.
>> And I've been bitten by virtualization one time too many already to
>> feel reluctant to implement it in production.
>> Just check the last thread I started.
>>> However, if you must use the DC as a fileserver, investigate the
>>> 'template' lines for smb.conf
>> I can't see, how it can make a difference, if I'm setting winbind on
>> DC or a member server.
> OK. You don't understand it. winbind exists in two incarnations. winbind
> on samba dc, version 4.0.x and 4.1.x, winbindd (with two d) on all other
> samba versions.
>> The information is coming from same place -
>> from AD.
> Simply false. Read the docs.
> Information may be stored in AD, passwd db, nis, idmap.ldb or computed
> on the fly. Sometimes you have two stores at the same time.
>> What makes it behave differently, if set on different
>> server?
> Different approaches for the same thing!! Mapping M$ identities to posix
> identities could be quite complex.
There is a good choice. Put all your data in the same database. All data 
in AD, serving files from the DC. Forget winbind. Use sssd instead. It 
does exactly what you want. A server just like windows intended. One box 
for everything. No nis, no separate idmap database, nothing on the fly. 
Just a server.
