On 2015-11-09 at 07:57 +0100, buhorojo wrote:> On 08/11/15 23:40, Michael Adam wrote: > >On 2015-11-08 at 22:50 +0100, buhorojo wrote: > >>On 08/11/15 21:01, Michael Adam wrote: > >> > >>>so sssd is not at all an option. > >>No? What it does do is just work. > >No. It does not work for the internals of the ad/dc. > >It may work in nsswitch. > > > >And did I mention this is neither a support > >nor an advocating forum for sssd? > > > >>winbind doesn't. It is unfair on the OP to insist it does. > >What does "OP" mean? > http://lmgtfy.com/?q=what+does+OP+mean%3FA-ha. Btw: "Works-for-me" is a completely valid statement. It is even a state in bugzilla. It simply means "I do not have enough information about your setup to reproduce your issue." It is not unfair but encourages further exchange of information until the problem is understood and can be addressed or the OP's config is fixed.> >>>>Currently it and nslcd are the only way to obtain full rfc2307 > >>>>and consistent ids on DCs. Neither winbind nor winbindd can do so. > >>>Sure. winbindd can do it. > >>Sorry but you are wrong. On a DC it can't. > >If it does not fully work, then we need to fix that. > >And as you so nicely pointed out earlier yourself > >(for sssd in that case...), instead of recommending > >the use of an unsupported external application, > >please submit a bug report at https://bugzilla.samba.org/ > > There are already many. Start with 10886.Ah, thanks for the pointer. We need to follow up on that.> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a fortune > but you can always get the Fedora version with mailing list support. Or, > build it yourslef even.I am talking about "supported by Samba upstream", not about "supported by a vendor or distribution". Also, in case you are not aware: The AD/DC setup of Samba is not (yet) supported by RedHat or Fedora. You need a self-compiled Samba for that. Not sure about the support level... And if you have not noticed (even tough you have been reminded before), this mailing list is about Samba and its components, about helping people to get the supported configurations working and about improving Samba and its components. So could you please stop sabotaging these efforts? Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20151109/7d838d1c/signature.sig>
On 09/11/15 08:03, Michael Adam wrote:> On 2015-11-09 at 07:57 +0100, buhorojo wrote: >> On 08/11/15 23:40, Michael Adam wrote: >>> On 2015-11-08 at 22:50 +0100, buhorojo wrote: >>>> On 08/11/15 21:01, Michael Adam wrote: >>>> >>>>> so sssd is not at all an option. >>>> No? What it does do is just work. >>> No. It does not work for the internals of the ad/dc. >>> It may work in nsswitch. >>> >>> And did I mention this is neither a support >>> nor an advocating forum for sssd? >>> >>>> winbind doesn't. It is unfair on the OP to insist it does. >>> What does "OP" mean? >> http://lmgtfy.com/?q=what+does+OP+mean%3F > A-ha. > > Btw: "Works-for-me" is a completely valid statement. > It is even a state in bugzilla. It simply means > "I do not have enough information about your > setup to reproduce your issue." It is not unfair > but encourages further exchange of information > until the problem is understood and can be addressed > or the OP's config is fixed. > >>>>>> Currently it and nslcd are the only way to obtain full rfc2307 >>>>>> and consistent ids on DCs. Neither winbind nor winbindd can do so. >>>>> Sure. winbindd can do it. >>>> Sorry but you are wrong. On a DC it can't. >>> If it does not fully work, then we need to fix that. >>> And as you so nicely pointed out earlier yourself >>> (for sssd in that case...), instead of recommending >>> the use of an unsupported external application, >>> please submit a bug report at https://bugzilla.samba.org/ >> There are already many. Start with 10886. > Ah, thanks for the pointer. > We need to follow up on that.Let's be perfectly honest here, it was a mistake to not use the unixHomeDirectory & loginShell attributes from the very beginning of Samba4 and as such, this makes it the longest running bug of all! If it was fixed it would probably make Samba4 a good replacement for SBS. Rowland>> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a fortune >> but you can always get the Fedora version with mailing list support. Or, >> build it yourslef even. > I am talking about "supported by Samba upstream", > not about "supported by a vendor or distribution". > > Also, in case you are not aware: > The AD/DC setup of Samba is not (yet) supported > by RedHat or Fedora. You need a self-compiled > Samba for that. Not sure about the support level... > > And if you have not noticed (even tough you have > been reminded before), this mailing list > is about Samba and its components, about helping > people to get the supported configurations working > and about improving Samba and its components. > > So could you please stop sabotaging these efforts? > > Michael > >
On 2015-11-09 at 09:05 +0000, Rowland Penny wrote:> On 09/11/15 08:03, Michael Adam wrote: > >On 2015-11-09 at 07:57 +0100, buhorojo wrote: > >>On 08/11/15 23:40, Michael Adam wrote: > >>>please submit a bug report at https://bugzilla.samba.org/ > >>There are already many. Start with 10886. > >Ah, thanks for the pointer. > >We need to follow up on that. > > Let's be perfectly honest here, it was a mistake to not use the > unixHomeDirectory & loginShell attributes from the very beginning of Samba4Well, arguably so: In the beginning nsswitch integration was not the major point, but windows-facing AD features were. When nsswitch support was added, it was first done through the s4-internal winbind. Now this has been replaced by the s3-winbindd. winbindd is in principle capable of doing these things, by virtue of the idmap_ad code. But it has for a start been integrated differently, directly accessing the sam db and idmap db. And that code apparently needs to be extended to do the same. I fully agree it should! Now we need to find someone to hack on this. :-) I can give it a try, if none of the s4-devs is looking into it, but it may take a while...> and as such, this makes it the longest running bug of all!Well, possibly. I am afraid there are even longer running ones ... ;-) I'm embarrassed to see that we have been in discussion on that BZ roughly a year ago. The good thing is that we have just continued this very same discusion in this thread here. :-) Keep nagging! Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20151109/e85532ae/signature.sig>
On 09/11/15 10:05, Rowland Penny wrote:> On 09/11/15 08:03, Michael Adam wrote: >> On 2015-11-09 at 07:57 +0100, buhorojo wrote: >>> On 08/11/15 23:40, Michael Adam wrote: >>>> On 2015-11-08 at 22:50 +0100, buhorojo wrote: >>>>> On 08/11/15 21:01, Michael Adam wrote: >>>>> >>>>>> so sssd is not at all an option. >>>>> No? What it does do is just work. >>>> No. It does not work for the internals of the ad/dc. >>>> It may work in nsswitch. >>>> >>>> And did I mention this is neither a support >>>> nor an advocating forum for sssd? >>>> >>>>> winbind doesn't. It is unfair on the OP to insist it does. >>>> What does "OP" mean? >>> http://lmgtfy.com/?q=what+does+OP+mean%3F >> A-ha. >> >> Btw: "Works-for-me" is a completely valid statement. >> It is even a state in bugzilla. It simply means >> "I do not have enough information about your >> setup to reproduce your issue." It is not unfair >> but encourages further exchange of information >> until the problem is understood and can be addressed >> or the OP's config is fixed. >> >>>>>>> Currently it and nslcd are the only way to obtain full rfc2307 >>>>>>> and consistent ids on DCs. Neither winbind nor winbindd can do so. >>>>>> Sure. winbindd can do it. >>>>> Sorry but you are wrong. On a DC it can't. >>>> If it does not fully work, then we need to fix that. >>>> And as you so nicely pointed out earlier yourself >>>> (for sssd in that case...), instead of recommending >>>> the use of an unsupported external application, >>>> please submit a bug report at https://bugzilla.samba.org/ >>> There are already many. Start with 10886. >> Ah, thanks for the pointer. >> We need to follow up on that. > > Let's be perfectly honest here, it was a mistake to not use the > unixHomeDirectory & loginShell attributes from the very beginning of > Samba4 and as such, this makes it the longest running bug of all! > If it was fixed it would probably make Samba4 a good replacement for SBS. > > Rowland > >>> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a >>> fortune >>> but you can always get the Fedora version with mailing list support. >>> Or, >>> build it yourslef even. >> I am talking about "supported by Samba upstream", >> not about "supported by a vendor or distribution". >> >> Also, in case you are not aware: >> The AD/DC setup of Samba is not (yet) supported >> by RedHat or Fedora. You need a self-compiled >> Samba for that. Not sure about the support level... >> >> And if you have not noticed (even tough you have >> been reminded before), this mailing list >> is about Samba and its components, about helping >> people to get the supported configurations working >> and about improving Samba and its components. >> >> So could you please stop sabotaging these efforts?We are helping, not sabotaging. Simply pointing out the facts and saving pain and time of those caught out by id mapping, and rfc2307. There _are_ solutions without winbind which work _now_ and that is a very important fact for many of the threads here which get palmed off with the 'we do not recommend the DC as a file server' nonsense. A DC works perfectly and reliably well as a file server too, just like Microsoft intended. Until such time as winbind works as well as sssd, we ought to be pointing out the latter as the only alternative to do a lot of what the posters on this list want, not wasting their time. Thanks for volunteering to take a look at the longest running bugzilla of all. M>> >> Michael >> >> >