[Samba] working well with sssd

Rowland Penny rpenny at samba.org
Thu Sep 23 16:45:34 UTC 2021 

On Thu, 2021-09-23 at 09:15 -0700, Jeremy Allison wrote:
> On Thu, Sep 23, 2021 at 10:20:00AM +0100, Rowland Penny via samba
> wrote:
> > I do not think we need sssd, we just need to make Samba easier to
> > set
> > up, something along the lines of a combination of the 'rid' and
> > 'ad'
> > backends, the 'rid' for idmapping and 'ad' for the rest of the
> > rfc2307
> > attributes. I cannot write 'C' code so cannot help here.
> > 
> > We either need to swallow sssd into Samba and alter it to our uses
> > or
> > ignore it.
> 
> There are other options :-). Remember, some of the people
> writing sssd are our colleagues on the Samba Team, and
> we should try and appreciate their contributions a little
> more :-).

I am aware that some of the Samba team also work on the sssd code, but
Samba as a whole does not produce sssd, so, in my opinion, Samba cannot
really provide support for sssd, this is what the sssd-users mailing
list is for.

> 
> Remember they are constrained by their job in how much they
> can help w.r.t. making winbindd better (they are paid to
> work on sssd after all) and unlike them you are able to
> "speak truth to power" (that's one of the things I love
> about you Rowland, you have a very Lancastrian ability to
> speak your mind without fear or favour :-).

I know that if you are paid to work on something, you will probably
want to push that over other ways of doing something. I, on the other
hand, have always spoken what I see to be the truth, which has got me
in trouble sometimes, but hey, speak the truth and shame the devil.

> 
> But if we can't help with sssd sometimes it's better
> to be silent than berate people for what we think are..
> lets just call them "less optimal choices" :-).

I don't think I have ever berated anybody about sssd, I have just said
that Samba does not support its use (and it seems that some parts of
red hat does not support the use of sssd with Samba, it says so in the
RHEL 8 documentation)

> 
> Proposing alternatives is fine, but remember, "you
> can lead a horse to water, but.." :-).

Lock the horse away for two or three days, then take it to the water,
it will drink :-D

Rowland

> 
> Cheers,
> 
> Jeremy.

More information about the samba mailing list