[Samba] sssd not a good idea

[Rowland penny]

On 12/06/2019 19:37, Vincent S. Cojot via samba wrote:
>
> Hi Robert & Rowland,
>
> So, I reached out to one of the developpers of 'sssd' that I know 
> personally. He assured me that 'sssd' is fully supported by RedHat and 
> he also said that they only test against MS-AD, not Samba-AD. He 
> thought that since Samba-AD aims for retro-compatibility with MS-AD, 
> things "should just work" with Samba-AD but again the term 'Supported' 
> is only for sssd in regard to MS-AD.
>
> (That also matches my personal experience but then again I have a very 
> simple AD domain on Samba 4.10.x with RHEL7).
>
> Also, since sssd has seen a lot of changes in recent times, it is 
> highly possible that some of the post-GA docs might not have been 
> updated to reflect this.. If there are other such bugs, please feel 
> free to let met know or open a documentation BZ directly on 
> https://bugzilla.redhat.com.
>
> This is just my 2c, I don't speak for 'Red Hat', I just work for them 
> (in a different field) and I run RHEL at home with self-built rpms on 
> top. that's it.
>
> Vincent
>
Vincent, you (and seemingly everybody else) seem to have missed the 
point, nobody is saying that you cannot use sssd, this is your choice.

All I have said is that Samba cannot give support for sssd, it doesn't 
produce it.

It also looks like red-hat now wants you to use winbind with Samba 
instead of sssd (if this changes, it will be reported)

If you (or anybody else) wants to use sssd, then do so, just do not 
expect to get help with it here, because we cannot make any required 
changes to the code, you will need to ask on the sssd-users mailing list.

I personally do not use sssd, though I did several years ago. I stopped 
using it because I found that I didn't need it, winbind did virtually 
everything I required, I just needed to use things like sudo-ldap 
instead of sudo.

Can we please put this sssd discussion to bed, it is going nowhere.

Rowland