[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups
Nico Kadel-Garcia
nkadel at gmail.com
Sat Jan 15 15:26:41 UTC 2022
On Sat, Jan 15, 2022 at 8:52 AM Kees van Vloten via samba
<samba at lists.samba.org> wrote:
>
> On 15-01-2022 14:05, Rowland Penny via samba wrote:
> > On Fri, 2022-01-14 at 20:16 +0000, Rowland Penny via samba wrote:
> >> On Fri, 2022-01-14 at 15:07 -0500, Luc Lalonde wrote:
> >>> Interesting... You didn't have problems with missing dependancies?
> >> No, just added the repo, installed pam_krb5 and configured
> >> /etc/security/pam_winbind.conf
> >>
> >>> They're really pushing you to use SSSD:
> >> Well they would, it is theirs.
> >>
> >>> pam_krb5
> >>>
> >>> This PAM module provides Kerberos-based authentication. From the
> >>> very
> >>> beginning of its existence the SSSD project was targeting
> >>> replacing
> >>> pam_krb5 on the system. SSSD has offered Kerberos authentication
> >>> for
> >>> years, but also much more. With the release of Red Hat Enterprise
> >>> Linux
> >>> 7.4 SSSD has the features that we believe users need from the
> >>> standard
> >>> pam_krb5 module, and we felt ready to add it to the set of
> >>> deprecated
> >>> PAM modules.
> >>>
> >>> Taken from (you need an account to read it, a free dev account will
> >>> do):
> >>>
> >>> https://access.redhat.com/solutions/4256011
> >> As far as I remember, the pam_krb5 they removed was their version,
> >> which wasn't very good, and had nothing to do with version that
> >> Debian
> >> uses.
> >>
> >> I just need to wait until tomorrow and see if my ticket is renewed,
> >> as
> >> on Debian.
> >>
> >> Rowland
> > Oh, I hate red-hat, No samba-tool (which I can understand because of no
> > DC code) and ldbsearch doesn't have '-P'
> >
> > Looks like I need to find an uptodate repo with Samba DC packages.
> >
> > Rowland
> >
> >
> >
> >
> Perhaps this: https://github.com/nkadel/samba4repo/
>
> It was mentioned on 12-11-2021 on the list.
>
> - Kees
I've not been publishing binaries, and I've not updated it
successfully to 4.15.3 for RHEL 7. There are some python dependency
issues that made me bang my head on the table.
I'm about ready to discard RHEL 7 as a supported platform, the work of
integrating the backported gnutls and other tools is getting to be
more work than I care to do. Is the MIT kerberos integration good
enough to rely on for RHEL 8 yet, in which case a lot of the work of
handling Heimdal Kerberos goes away.
More information about the samba
mailing list