[Samba] working well with sssd

Rowland Penny rpenny at samba.org
Thu Sep 23 19:16:52 UTC 2021

On Thu, 2021-09-23 at 18:35 +0000, Billy Bob via samba wrote:
>  I am VERY happy to see this discussion. I literally cringe every
> time someone asks a sssd question because of the hostility toward
> sssd they are about to at least perceive.
> I have never understood why sssd seems to be singled out for "hands-
> off" treatment by the SAMBA crew. Is accommodating sssd really any
> different than working with bind9 or time or ntp? How about
> integrations with things like pfsense, where the ability to install
> the ideal software on a stand-alone hardware system may be more
> constrained?
> I think it is also very important to note that when people are asking
> questions about sssd and SAMBA, it is very often the case that other
> considerations required sssd AND the integration with SAMBA is for
> the environment of concern very difficult. This sounds exactly like
> the the type of issue that this list should address. It is clear that
> there is a wealth of knowledge here about the problems that arise ...
> any why. If not this list to help solve or work around those
> problems, to help make SAMBA work with sssd to solve the user's real
> problem (usually one of preserving existing and difficult or
> expensive to change environments), then WHO SHOULD? Perhaps it is the
> case that BOTH this list and lists for sssd (as well as other
> products, as the case may be) should be worked with concurrently, but
> I cannot fathom why the user with a (urgent, critical, real world
> ...) problem should be forced to solve it without also being able to
> freely and with welcome arms tap the knowledge of the people who know
> SAMBA best.
> I think it is fine, if the user desires, to discuss alternatives that
> may be more suitable. I do not think that should be the starting
> point, or worse the default position, which should be to help find a
> way to make a system run or, more critically, get a broken system
> back up and running.
> Easy problems, although often important, are a bit boring. We should
> embrace the hard problems, and take pride in a job well done making
> the "impossible" possible.
> Just my take, as an otherwise fly on the wall but daily observer if
> this list.

All of this is my opinion.

Lets get this out in the open, I have no hostility towards sssd, I just
do not see the point of using it with Samba, Samba can do everything
that sssd can do.

My concerns about using sssd with Samba is that Samba does not produce
it and cannot therefore support it in a reasonable way, the place to
get support for sssd is the sssd-users mailing list.

Samba can support Bind9 and ntp by describing how to set them up to
work with a Samba AD DC. Anything else would have to be triaged and
what Samba can fix, would be fixed, anything else would need to be sent
to the relevant upstream supplier, which is what should happen with
If anyone wants to use sssd with Samba, then that is their decision,
but they should not expect to get help with it from Samba, there is
enough to support on Samba already without supporting another suppliers
product. To put this in context, it is like taking a Ford car to a
Volvo dealer and asking them to fix, they will do their best, but you
would get better service from a Ford dealer.

Seeing has how I seem to be upsetting people by pointing out that sssd
isn't a Samba product, I will ignore such posts in future and let
others try to help.



More information about the samba mailing list