[Samba] sssd-ad cannot be installed with sernet samba

[buhorojo]

On 02/04/15 20:14, Harry Jede wrote:
> On 19:54:24 wrote Andrey Repin:
>> Greetings, Rowland Penny!
>>
>>>>> nss/winbind does work, yes, there is 1 missing file, just created
>>>>> it. ( and this is not needed on a DC ! )
>>>> So you are telling us that something that returns:
>>>> /bin/false
>>>>
>>>>   when:
>>>> /bin/bash
>>>> is specified in the database is a piece of software that is
>>>> working?
>>> You only need a shell if you are logging into the DC and you
>>> shouldn't be, the samba wiki couldn't be much plainer, it is not
>>> recommended to use the DC as a fileserver!
>> You can recommend whatever you like, the reality is that there's no
>> spare hardware is coming my way alongside your recommendations.
>> And I've been bitten by virtualization one time too many already to
>> feel reluctant to implement it in production.
>> Just check the last thread I started.
>>
>>> However, if you must use the DC as a fileserver, investigate the
>>> 'template' lines for smb.conf
>> I can't see, how it can make a difference, if I'm setting winbind on
>> DC or a member server.
> OK. You dont understand it. winbind exists in two incarnations. winbind
> on samba dc, version 4.0.x and 4.1.x, winbindd (with two d) on all other
> samba versions.
>
>> The information is coming from same place -
>> from AD.
> Simply false. Read the docs.
> Information may be stored in AD, passwd db, nis, idmap.ldb or computed
> on the fly. Sometimes you have two stores at the same time.
>
>> What makes it behave differently, if set on different
>> server?
> Different approaches for the same thing!! Mapping M$ identities to posix
> identities could be quite complex.
>
Andrey
There is a good choice. Put all your data in the same database. All data 
in AD, serving files from the DC. Forget winbind. Use sssd instead. It 
does exactly what you want. A server just like windows intended. One box 
for everything. No nis, no separate idmap database, nothing on the fly. 
Just a server.