[Samba] idmap & migration to rfc2307

buhorojo buhorojo.lcb at gmail.com
Mon Nov 9 10:22:19 UTC 2015

On 09/11/15 10:05, Rowland Penny wrote:
> On 09/11/15 08:03, Michael Adam wrote:
>> On 2015-11-09 at 07:57 +0100, buhorojo wrote:
>>> On 08/11/15 23:40, Michael Adam wrote:
>>>> On 2015-11-08 at 22:50 +0100, buhorojo wrote:
>>>>> On 08/11/15 21:01, Michael Adam wrote:
>>>>>> so sssd is not at all an option.
>>>>> No? What it does do is just work.
>>>> No. It does not work for the internals of the ad/dc.
>>>> It may work in nsswitch.
>>>> And did I mention this is neither a support
>>>> nor an advocating forum for sssd?
>>>>> winbind doesn't. It is unfair on the OP to insist it does.
>>>> What does "OP" mean?
>>> http://lmgtfy.com/?q=what+does+OP+mean%3F
>> A-ha.
>> Btw: "Works-for-me" is a completely valid statement.
>> It is even a state in bugzilla. It simply means
>> "I do not have enough information about your
>> setup to reproduce your issue." It is not unfair
>> but encourages further exchange of information
>> until the problem is understood and can be addressed
>> or the OP's config is fixed.
>>>>>>> Currently it and nslcd are the only way to obtain full rfc2307
>>>>>>> and consistent ids on DCs. Neither winbind nor winbindd can do so.
>>>>>> Sure. winbindd can do it.
>>>>> Sorry but you are wrong. On a DC it can't.
>>>> If it does not fully work, then we need to fix that.
>>>> And as you so nicely pointed out earlier yourself
>>>> (for sssd in that case...), instead of recommending
>>>> the use of an unsupported external application,
>>>> please submit a bug report at https://bugzilla.samba.org/
>>> There are already many. Start with 10886.
>> Ah, thanks for the pointer.
>> We need to follow up on that.
> Let's be perfectly honest here, it was a mistake to not use the 
> unixHomeDirectory & loginShell attributes from the very beginning of 
> Samba4 and as such, this makes it the longest running bug of all!
> If it was fixed it would probably make Samba4 a good replacement for SBS.
> Rowland
>>> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a
>>> fortune but you can always get the Fedora version with mailing list
>>> support. Or, build it yourself even.
>> I am talking about "supported by Samba upstream",
>> not about "supported by a vendor or distribution".
>> Also, in case you are not aware:
>> The AD/DC setup of Samba is not (yet) supported
>> by RedHat or Fedora. You need a self-compiled
>> Samba for that. Not sure about the support level...
>> And if you have not noticed (even though you have
>> been reminded before), this mailing list
>> is about Samba and its components, about helping
>> people to get the supported configurations working
>> and about improving Samba and its components.
>> So could you please stop sabotaging these efforts?

We are helping, not sabotaging. Simply pointing out the facts and saving 
pain and time of those caught out by id mapping, and rfc2307. There 
_are_ solutions without winbind which work _now_ and that is a very 
important fact for many of the threads here which get palmed off with 
the 'we do not recommend the DC as a file server' nonsense. A DC works 
perfectly and reliably well as a file server too, just like Microsoft 
intended. Until such time as winbind works as well as sssd, we ought to 
be pointing out the latter as the only alternative to do a lot of what 
the posters on this list want, not wasting their time.

Thanks for volunteering to take a look at the longest running bugzilla 
of all.

>> Michael
