[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups

Rowland Penny rpenny at samba.org
Sat Jan 15 16:04:32 UTC 2022

On Sat, 2022-01-15 at 10:21 -0500, vincent at cojot.name wrote:
> Hi Rowland,
> On Sat, 15 Jan 2022, Rowland Penny via samba wrote:
> > Oh, I hate red-hat, No samba-tool (which I can understand because of
> > no DC code) and ldbsearch doesn't have '-P'
> I work with Red Hat and it pains me to see so much dislike in the
> community. I cannot comment on the downstream directions taken by
> whoever oversees such packages (perhaps because we have agreements
> about Azure with Microsoft) but it pains me to see this. There are a
> lot of great and smart OpenSource developers in that company (I'm not
> one of them, I'm just a consultant) and lots of redhatters are
> contributing to upstream Fedora packages (where packages such as that
> pam_krb5 src.rpm is coming from).
> This is also why I've attempted (in my limited time) to build rpms for
> samba AD-DC for RHEL/Centos so people could still get a working DC on
> RHEL/CentOS. Unfortunately, I lack the time to spend more time on this
> but all of my modified SPEC files and rpms are in the URL below.
> All I know is that I've been running an AD/DC (for my family) for over
> 3 years on RHEL and it's been running flawlessly. (this was the initial
> reason I got into re-packaging this on RHEL).
> > Looks like I need to find an up-to-date repo with Samba DC packages.
> Would the following URL be useful?
> http://vince.cojot.name/dist/samba has all my rpmbuilds for 4.14 (el8)
> and < 4.13.x (el7) are there.. I still haven't had time to work on 4.15
> but might try shortly..

I am sorry, but that might have come out a bit wrong :-(
Red-hat could have used Heimdal just for a Samba AD DC, but they
decided not to and are even on record as saying there will never be
Samba packages that can be provisioned as an AD DC.
This has led to people like yourself trying to provide packages that
can be provisioned as an AD DC, but it seems to be extremely difficult.
This is compounded by RH removing packages, e.g. pam_krb5.

Compare this with the Debian distros, they have had the capability to
provision a DC since Samba 4.0.0.
The only problem is that most distros do not keep up with the latest
Samba, this is where repos, like the one that Louis Van Belle
provides, come in.

My personal feeling is that the RH-based distros should only be used
with FreeIPA and use the Debian-based distros with AD.

