[Samba] idmap & migration to rfc2307

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 9 09:05:00 UTC 2015 

On 09/11/15 08:03, Michael Adam wrote:
> On 2015-11-09 at 07:57 +0100, buhorojo wrote:
>> On 08/11/15 23:40, Michael Adam wrote:
>>> On 2015-11-08 at 22:50 +0100, buhorojo wrote:
>>>> On 08/11/15 21:01, Michael Adam wrote:
>>>>
>>>>> so sssd is not at all an option.
>>>> No? What it does do is just work.
>>> No. It does not work for the internals of the ad/dc.
>>> It may work in nsswitch.
>>>
>>> And did I mention this is neither a support
>>> nor an advocating forum for sssd?
>>>
>>>> winbind doesn't. It is unfair on the OP to insist it does.
>>> What does "OP" mean?
>> http://lmgtfy.com/?q=what+does+OP+mean%3F
> A-ha.
>
> Btw: "Works-for-me" is a completely valid statement.
> It is even a state in bugzilla. It simply means
> "I do not have enough information about your
> setup to reproduce your issue." It is not unfair
> but encourages further exchange of information
> until the problem is understood and can be addressed
> or the OP's config is fixed.
>
>>>>>> Currently it and nslcd are the only way to obtain full rfc2307
>>>>>> and consistent ids on DCs. Neither winbind nor winbindd can do so.
>>>>> Sure. winbindd can do it.
>>>> Sorry but you are wrong. On a DC it can't.
>>> If it does not fully work, then we need to fix that.
>>> And as you so nicely pointed out earlier yourself
>>> (for sssd in that case...), instead of recommending
>>> the use of an unsupported external application,
>>> please submit a bug report at https://bugzilla.samba.org/
>> There are already many. Start with 10886.
> Ah, thanks for the pointer.
> We need to follow up on that.

Let's be perfectly honest here, it was a mistake to not use the 
unixHomeDirectory & loginShell attributes from the very beginning of 
Samba4 and as such, this makes it the longest running bug of all!
If it was fixed it would probably make Samba4 a good replacement for SBS.

Rowland

>> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a fortune
>> but you can always get the Fedora version with mailing list support. Or,
>> build it yourslef even.
> I am talking about "supported by Samba upstream",
> not about "supported by a vendor or distribution".
>
> Also, in case you are not aware:
> The AD/DC setup of Samba is not (yet) supported
> by RedHat or Fedora. You need a self-compiled
> Samba for that. Not sure about the support level...
>
> And if you have not noticed (even tough you have
> been reminded before), this mailing list
> is about Samba and its components, about helping
> people to get the supported configurations working
> and about improving Samba and its components.
>
> So could you please stop sabotaging these efforts?
>
> Michael
>
>

More information about the samba mailing list