[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups

[Patrick Goetz]

On 1/14/22 14:06, Peter Milesson via samba wrote:
> 
> 
> On 14.01.2022 19:27, Rowland Penny via samba wrote:
>> On Thu, 2022-01-13 at 14:06 -0500, Luc Lalonde via samba wrote:
>>> I've tried, but came to the conclusion that Debian is evil... and I
>>> won't go to the dark side ;-)
>>>
>>> Seriously, I prefer the way Redhat and derivatives (Fedora, Centos,
>>> etc)
>>> are organized.   Really, I could never get used to 'apt-whatever'.
>>> I
>>> also really like 'Kickstart' for auto-documenting setups.
>>>
>>> Hardware manufacturers will also offload support if you're not using
>>> an
>>> enterprise distro like RHEL or SUse.   I've had too man bad
>>> experiences
>>> with this.
>> I decided to set up Samba on a version of RHEL 8 and used almalinux. I
>> had more problem getting the GUI login to work than getting Samba and
>> winbind to work. There is only one problem, red-hat has removed pam-
>> krb5, so no kerberos unless I can find a repo somewhere. I ask, what
>> distro removes such a vital package without providing a replacement
>> (and yes, I know it is now built into sssd, which is not much help if
>> you are not using sssd).
>>
>> Rowland
> Hi folks,
> 
> I must chime in here as a long term user of CentOS (CentOS 7) in a 
> commercial environment. I have found CentOS fairly quirky to work with. 
> At the moment I have got a bunch of servers with CentOS 7 for different 
> purposes. I don't deny it's stable, but much of it is ancient, even 
> before CentOS 8 was published. On several occasions I have had problems 
> compiling  and/or installing software or drivers due to the environment 
> being extremely conservative. Also, CentOS tends to deviate too much 
> from Linux mainstream development with the advent of RHEL8, creating a 
> RedHat island, where you many times need professional (and expensive) 
> advice to overcome quirks. I don't deny there are pros and cons with 
> every distro, but the RedHat world is just not going in a direction that 
> I'm prepared to buy into.
> 
> The last 2 years I'm subsequently replacing CentOS with Debian, and I'm 
> very pleased with the stability, compatibility and ease of use of 
> Debian. IMHO, Debian is a golden middle path, using stable, well tested 
> components. I have migrated our Samba AD environment, including Windows 
> workstations and member servers during the last year, and I have no 
> regrets. I'm using Louis's Samba repos (4.15.3 at the moment), and I'm 
> very satisfied with the current state of things.
> 
> I have been using different flavors of Linux since 1996, for many years 
> mostly Slackware in non-GUI servers. However, development seemed to slow 
> down and apparently cease altogether, and the distro became stale, 
> excluding the use of many main stream components, or making use of them 
> very cumbersome, most notably Python 3. One of the main reasons I 
> migrated the Slackware servers to CentOS, was the need to migrate a very 
> ancient Samba NT domain to something more efficient. From stability and 
> security reasons, also due to the availability of HP supplied RAID 
> controller drivers I chose CentOS 7 at that time. But that saga ends 
> shortly.
> 
> So my conclusion is to stay mainstream. Too much deviation hurts, 
> sometimes very much so.
> 

So, everyone hates me-too emails, but as someone who admins in an 
environment with hundreds of Ubuntu, RHEL, and CentOS desktops and 
servers, I concur with this opinion.  The CentOS/RHEL stuff is always 
painfully out of date and I find the RHEL way of doing things to be 
cumbersome compared to Debian/Ubuntu.  Maybe CentOS streams addresses 
these issues, but everyone seems to be afraid to use it.

Personally, I prefer Arch linux for everything.  Arch is way more stable 
than people give it credit for, and I've successfully run Arch servers 
in production for years, even though people regularly tell me I'm insane 
for doing so. Everything is always completely up to date, which is not 
really a drawback any more, since one can run older or distro focused 
software in LXD containers with no performance degradation.  Of course 
when you work with other people in a professional environment and those 
people are terrified of Arch's in your face linux-ness, you have to make 
personal concessions to lower your standards, hence the mainstream 
distros at work. I nevertheless always advise junior admins to run Arch 
linux on their personal workstations because this is the best way to 
really learn how linux works without the -- usually ill-advised -- 
meddling that distros do when assembling packages and with the roll your 
own nature of Arch which is instrumental in learning how things are put 
together. And of course the Arch package management system is vastly 
superior to rpm or deb.  An Nvidia driver upgrade recently broke my 
ancient desktop of choice (Mate) on my workstation and it was a 5-second 
effort to use the Arch Linux Archive to revert to the previous version 
of the driver until someone has time to patch the affected X library.



> I wish you all pleasant weekend and thanks to the Samba people for a 
> great product and great support.
> 
> Peter
> 
> 
> 
> 
> 
>