[Samba] sssd-ad cannot be installed with sernet samba

buhorojo buhorojo.lcb at gmail.com
Fri Apr 3 03:19:20 MDT 2015

On 03/04/15 11:09, Rowland Penny wrote:
> On 02/04/15 22:54, Andrey Repin wrote:
>> Greetings, Harry Jede!
>>>> You can recommend whatever you like, the reality is that there's no
>>>> spare hardware is coming my way alongside your recommendations.
>>>> And I've been bitten by virtualization one time too many already to
>>>> feel reluctant to implement it in production.
>>>> Just check the last thread I started.
>>>>> However, if you must use the DC as a fileserver, investigate the
>>>>> 'template' lines for smb.conf
>>>> I can't see, how it can make a difference, if I'm setting winbind on
>>>> DC or a member server.
>>>   OK. You dont understand it. winbind exists in two incarnations. 
>>> winbind on
>>> samba dc, version 4.0.x and 4.1.x, winbindd (with two d) on all 
>>> other samba versions.
>> I have same Samba version on both, so, doesn't apply.
>>>> The information is coming from same place -
>>>> from AD.
>>>   Simply false. Read the docs.
>>> Information may be stored in AD, passwd db, nis, idmap.ldb or 
>>> computed on
>>> the fly. Sometimes you have two stores at the same time.
>> Where information MAY come from is irrelevant.
>> I told you, where it is coming from in my case.
>>>> What makes it behave differently, if set on different
>>>> server?
>>> Different approaches for the same thing!!
>>> Mapping M$ identities to posix identities could be quite complex.
>> I set the same program in the same fashion on two OS installations of 
>> the same
>> version - and suddenly it behave differently, depends on the server 
>> it runs
>> on, the phase of the moon and the height of snow cover on Alaska?
>> See above, I can compress this phrase into one word, starting with 
>> "b". And
>> that would not be a "bug".
> OK, from what you have posted, I am surmising that you are using samba 
> 4.2.0, in which case you will be using winbindd on all samba servers.
> Now, whilst winbindd is in use on all servers, it is used differently 
> depending on what the server is. If it is a DC, the samba daemon is 
> started and then this starts the smbd & winbindd daemons, 
> unfortunately, it would appear that not all the links are there to use 
> all that winbindd could provide. This means whilst you get the 
> uidNumber & the primarygroupid, you do not get anything else, this is 
> not a bug, it is a lack of a feature.

So why have you reported it a bug in Samba Bugzilla and labelled its 
priority as 'P5 major'?

More information about the samba mailing list