[Samba] winbind offline logon

Rowland Penny rpenny at samba.org
Tue Feb 19 11:11:26 UTC 2019 

On Tue, 19 Feb 2019 12:02:30 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Piviul via samba
> > Verzonden: dinsdag 19 februari 2019 11:11
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] winbind offline logon
> > 
> > Il 19/02/19 09:22, Rowland Penny via samba ha scritto:
> > > I have suggested that we deprecate the NT4-style domains, but one
> > > of the other Samba team members wants to keep them. I find this
> > > strange for several reasons, smbldap-tools is dead and no longer
> > > maintained, Microsoft keeps breaking them and the client code
> > > hasn't 
> > really worked
> > > for some time now. The vast majority of the Samba effort is aimed
> > > squarely at AD domains, trying to get somebody to fix your 
> > problem is
> > > going to take some time, especially as it works with AD.
> > 
> > I can understand your point of view but I can understand even 
> > the point of view of the people that administer our local
> > network... the last time I have tried to carry on the needing of
> > upgrading to AD I have been stopped by some users that need, for
> > obscure reasons, to put the time of their PCs in the past and AFAIK
> > this is not permitted in a AD domain...
> 
> Now, dont take this personaly.... 
> If you stopped buy users because some obscure reasons, because of
> things like.. `this is not permitted in a AD domain...` 
> Then you really should put more time into AD. 
> 
> Everything, you can do in NTDOM, you can in AD DOM. 
> 
> You will getting more problem the longer these admins wait with
> upgradeing to AD. You get some examples of what wont work in AD Dom
> setups and did in NTDOM setup.s And post these to the list, we will
> have a look.. 
> 
> Things like this will keep hitting your network more and more... for
> example,
> https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser
> The line shows enough. Guest access in smb2 disabled by default in
> windows 10.. 
> 
> Now if samba denies access, it this a samba problem, no, this is a
> (bad) network Administrator problem. Again, not personal, this is a
> more general problem i see around me. And most problem i see, are
> because people dont follow the mass, stay behind, scared to upgrade,
> which result in the end, in a hard time to upgrade and/or
> compatibility problems. 
> 
> I'm saying this with 25years of system adminisitrator experience, and
> i've seen a lot. And it does matter what the os is, wait to long with
> updateing and you get problems, more stress etc etc. 
> 
> > 
> > Have a great day
> > 
> > Piviul
> > 
> 
> Greetz, 
> 
> Louis
> 
> 
> 

Well said Louis ;-)

If you are the sysadmin, you are in charge, but you need to take your
users concerns into account and if possible work around them, though
there will be times when you have to say no.

Rowland

More information about the samba mailing list