[Samba] Documenting 'works great with Samba AD' (was: Re: Using Samba AD/DC as an Active Directory OAuth provider for OpenShift)

Andrew Bartlett abartlet at samba.org
Sun Aug 23 03:09:59 UTC 2020 

On Sat, 2020-08-22 at 16:31 -0400, Vincent S. Cojot via samba wrote:
> Hi Andrew, Hi Rowland,
> 
> I just spent close to one hour debugging this with one OpenShift 
> specialist from RedHat. What we figured was:
> 
> 1) both of my configs work (auth and group-sync) and are in fact correct.
> 
> 2) OCP group sync does not sync the groups that have no explicit 'member' 
> Attribute or groups that are 'default' groups (E.g: 'Domain Users') where membership 
> is through the primaryGroupID.
> 
> So things are in fact working and they'll be reaching out to me because 
> I'm one of the few guys with a working 'Active Directory' in his home/lab 
> and they'd like to support ActiveDirectory in the Group Sync Operator 
> they're writing upstream. :)
> 
> Thank you for your help debugging this yesterday. I keep trying to 
> evangelize Samba AD/DC internally to my peers and the level of help I 
> received on that issue really makes the case for this type of setup.
> I will most likely write a post about this.

Thanks for the feedback.  I thank you for your work, the more software
that is clearly documented as 'works great with Samba' the better for
Samba.

I also think it is awesome for the software we work with: one thing
that makes Samba really handy as an AD DC is that it can fit into
manual and CI testing of Linux-centric products like OpenShift,
standing in for Microsoft's AD reliably yet automating on par with the
rest of the system.

I look forward to your post, hopefully you can find a place to those
instructions.

More broadly, I would love to have curated 'works great with Samba AD'
page.  With (links to) instructions about how to configure sssd (yes,
really), mod_auth_ntlm_winbind, mod_auth_kerb, Packetfence, Django,
Azure AD (stating known limitations) etc.  

While for many tools it is 'just use like Windows AD', having a page
that confidently explains that it really works with Samba should help
our adoption, if only to show to higher-up management who are yet to be
convinced.

I don't have the time to write all this, but hit me up if you need
pages created in the wiki or the permission to do so!

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list