samba - Dec 2014 - uidNumber. ( Was: What is --rfc2307-from-nss ??)

On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
> NO NO I can't take anymore :-D
>
> Please read the rest of the thread, it will explain all.

People seriously use this in a production environment?

The lack of documentation and confusion surrounding pretty basic posix auth
is extremely surprising.  I'm no noob at *nix admin and I'm having one
hell
of a time wrapping my brain around this.    I'm also not new to Samba.
https://lists.samba.org/archive/samba-ntdom/2001-October/020361.html

Greg

SME Server user and community member since 2000

On 01/12/14 19:14, Greg Zartman wrote:
> On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at
googlemail.com>> wrote:
>
>     NO NO I can't take anymore :-D
>
>     Please read the rest of the thread, it will explain all.
>
>
> People seriously use this in a production environment?
>
> The lack of documentation and confusion surrounding pretty basic posix 
> auth is extremely surprising.  I'm no noob at *nix admin and I'm 
> having one hell of a time wrapping my brain around this.    I'm also 
> not new to Samba. 
> https://lists.samba.org/archive/samba-ntdom/2001-October/020361.html
>
> Greg
>
> SME Server user and community member since 2000
Yes it is used in production :-)

Samba has changed a little bit since 2001 :-D

Rowland

On Mon, Dec 01, 2014 at 11:14:59AM -0800, Greg Zartman
wrote:
> On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny <rowlandpenny at
googlemail.com>
> wrote:
> 
> > NO NO I can't take anymore :-D
> >
> > Please read the rest of the thread, it will explain all.
> 
> 
> People seriously use this in a production environment?
> 
> The lack of documentation and confusion surrounding pretty basic posix auth
> is extremely surprising.  I'm no noob at *nix admin and I'm having
one hell
> of a time wrapping my brain around this.    I'm also not new to Samba.
> https://lists.samba.org/archive/samba-ntdom/2001-October/020361.html
The issues people are having with POSIX auth are
historical and to do with the AD environment having
its own winbind code.

This harks from a time when there was a danger the
project would split into two, a fileserver project
and an AD-DC project.

We are slowly but surely healing this wound, but
sometimes the stitches are still visible - the
S4 winbindd code is part of that.

Eventually we will get to a single unified winbindd
which works in both the AD-DC and member server case,
but you're going to have to bear with us until that
gets finished I'm afraid.

Reporting bugs and helping us fix them is a great
help there, thanks.

Jeremy.

On Mon, Dec 1, 2014 at 11:18 AM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
>
> Yes it is used in production :-)
>
> Samba has changed a little bit since 2001 :-D
>
Yes, I know it has.  My point was that I've been working with Samba for
quite some time, so this is not all new to me.  I've also been contributing
to the SME Server project on this front for quite awhile and did the work
to deploy winbindd and NT4 dom server roles on SME Server.

We're making good headway on deploying Samba 4 on SME Server, but some of
this basic posix auth is a bit confusing.  The trick is writing an API to
interact with Samba 4 and deploy a config on SME Server that just works.
We don't want everyone who picks up SME Server to have to come over here
and ask the same questions I am.

-- 
Greg J. Zartman

SME Server user and community member since 2000

On 01/12/14 19:19, Jeremy Allison wrote:
> On Mon, Dec 01, 2014 at 11:14:59AM -0800, Greg Zartman wrote:
>> On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny <rowlandpenny at
googlemail.com>
>> wrote:
>>
>>> NO NO I can't take anymore :-D
>>>
>>> Please read the rest of the thread, it will explain all.
>>
>> People seriously use this in a production environment?
>>
>> The lack of documentation and confusion surrounding pretty basic posix
auth
>> is extremely surprising.  I'm no noob at *nix admin and I'm
having one hell
>> of a time wrapping my brain around this.    I'm also not new to
Samba.
>> https://lists.samba.org/archive/samba-ntdom/2001-October/020361.html
> The issues people are having with POSIX auth are
> historical and to do with the AD environment having
> its own winbind code.
>
> This harks from a time when there was a danger the
> project would split into two, a fileserver project
> and an AD-DC project.
>
> We are slowly but surely healing this wound, but
> sometimes the stitches are still visible - the
> S4 winbindd code is part of that.
>
> Eventually we will get to a single unified winbindd
> which works in both the AD-DC and member server case,
> but you're going to have to bear with us until that
> gets finished I'm afraid.
I understand and don't think that I am being ungrateful, but is there 
any chance that winbindd in 4.2 will pull the unixHomeDirectory & 
loginShell attributes ??

Rowland
>
> Reporting bugs and helping us fix them is a great
> help there, thanks.
>
> Jeremy.

On Mon, Dec 1, 2014 at 11:19 AM, Jeremy Allison <jra at samba.org> wrote:
>
> Reporting bugs and helping us fix them is a great
> help there, thanks.
>
I don't believe this is an issue of code not working correctly, but
documentation.  It is very difficult to know what all of these pieces in
Samba 4 are doing.  I know as a developer, this is the last thing you guys
want to do; but the primary source of info seems to be this list.  I feel
like every question I ask is taken as a stupid one.  This makes it very
difficult to deploy Samba 4

I've been examining portions of the Samba 4 python code, but progress is
very slow.


-- 
Greg J. Zartman
Board Member

Koozali Foundation, Inc.
2755 19th Street SE
Salem, Oregon 97302
Cell:  541-5218449

SME Server user and community member since 2000