[Samba] sssd-ad cannot be installed with sernet samba

Harry Jede walk2sun at arcor.de
Thu Apr 2 13:06:24 MDT 2015


On 20:55:10 wrote buhorojo:
> On 02/04/15 20:14, Harry Jede wrote:
> > On 19:54:24 wrote Andrey Repin:
> >> Greetings, Rowland Penny!
> >> 
> >>>>> nss/winbind does work, yes, there is 1 missing file, just
> >>>>> created it. ( and this is not needed on a DC ! )
> >>>> 
> >>>> So you are telling us that something that returns:
> >>>> /bin/false
> >>>> 
> >>>>   when:
> >>>> /bin/bash
> >>>> is specified in the database is a piece of software that is
> >>>> working?
> >>> 
> >>> You only need a shell if you are logging into the DC and you
> >>> shouldn't be, the samba wiki couldn't be much plainer, it is not
> >>> recommended to use the DC as a fileserver!
> >> 
> >> You can recommend whatever you like, the reality is that there's
> >> no spare hardware coming my way alongside your
> >> recommendations. And I've been bitten by virtualization one time
> >> too many already to feel reluctant to implement it in production.
> >> Just check the last thread I started.
> >> 
> >>> However, if you must use the DC as a fileserver, investigate the
> >>> 'template' lines for smb.conf
> >> 
> >> I can't see, how it can make a difference, if I'm setting winbind
> >> on DC or a member server.
> > 
> > OK. You don't understand it. winbind exists in two incarnations.
> > winbind on samba dc, version 4.0.x and 4.1.x, winbindd (with two
> > d) on all other samba versions.
> > 
> >> The information is coming from same place -
> >> from AD.
> > 
> > Simply false. Read the docs.
> > Information may be stored in AD, passwd db, nis, idmap.ldb or
> > computed on the fly. Sometimes you have two stores at the same
> > time.
> > 
> >> What makes it behave differently, if set on different
> >> server?
> > 
> > Different approaches for the same thing!! Mapping M$ identities to
> > posix identities could be quite complex.
> 
> Andrey
> There is a good choice. Put all your data in the same database.
Best approach, if it is possible.

> All data in AD, serving files from the DC.
small server approach, often unwanted.

> Forget winbind. Use sssd instead.
winbind, nslcd and sssd could do id mapping. Which of them is the best 
one? The one which fits your needs. Yes, there is no holy grail.

> It does exactly what you want. A server just like windows
> intended.
No, just your opinion.

> One box for everything.
Once again, a small server fan. Others have other needs.

> No nis, no separate idmap
> database, nothing on the fly. Just a server.


-- 

Regards
	Harry Jede

