[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups
vincent at cojot.name
vincent at cojot.name
Sat Jan 15 16:19:34 UTC 2022
On Sat, 15 Jan 2022, Rowland Penny via samba wrote:
> I am sorry, but that might have come out a bit wrong :-(
Hey, no worries. Everyone's got a right to express their feelings.. :)
> Red-hat could have used Heimdal just for a Samba AD DC, but they
> decided not to and are even on record as saying there will never be
> Samba packages that can be be provisioned as an AD DC.
> This has led to people like yourself trying to provide packages that
> can be provisioned as an AD DC, but it seems to be extremely difficult.
> This is compounded by RH removing packages e.g. pam_krb5
To be 100% honest, I wasn't even aware of that. Auth, IDM and AD are very
far from my area of expertise so I have no idea what might have led toward
this direction. (I'm mostly involved in the OpenStack, OpenShift and
RHEL/Satellite worlds, I don't do much IDM except as a 'consumer')
> Compare this with the Debian distro's, they have had the capability to
> provision a DC since Samba 4.0.0
> The only problem is that most distro's do not keep up with the latest
> Samba, this is where repo's, like the one that Louis Van Belle
> provides, come in.
This is great and what Debian is doing is wonderful. I'm a big fan even if
I never used their distros because I don't encounter them much in my field
of activity.
> My personal feeling is that the RH based distro's should only be used
> with FreeIPA and use the Debian based distros with AD.
Yes, it's probably easier for an out-of-box setup but at the end of the
day, Open Source is all about having choice. It was my own personal
decision to go through the pain of repackaging samba AD on top of RHEL
because I wanted to consume my favorite distro (and I thought it could be
done thanks to the efforts of the Fedora people and I followed the way
paved by TranquilIT's efforts too).
Thanks to LPH's massive efforts, setting up a fresh new AD is probably a
-lot- easier on Debian than on the RHEL family. What unites us is more
freedom of choice than anything else, I would argue.
My 2c,
Vincent
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list