Il 18/02/19 19:12, Rowland Penny ha scritto:> [...] > Then do things, stop trying to use winbind, use nslcd instead. > > Then start planning to update to a Samba AD domain, before it is too > late.Hi Rowland, I'm sorry but I'm not the one can decide to upgrade to samba4 the domain controller, and I'm not the one that administer the domain controller. I would like but I can't. Furthermore, in my opinion, until the developers of samba decide to support samba3 and winbind, bugs have to be reported and hopefully solved and the solution of these bugs is not to don't use them... in my opinion. Have a great day Piviul
On Tue, 19 Feb 2019 08:24:53 +0100 Piviul via samba <samba at lists.samba.org> wrote:> Il 18/02/19 19:12, Rowland Penny ha scritto: > > [...] > > Then do things, stop trying to use winbind, use nslcd instead. > > > > Then start planning to update to a Samba AD domain, before it is too > > late. > Hi Rowland, I'm sorry but I'm not the one can decide to upgrade to > samba4 the domain controller, and I'm not the one that administer the > domain controller. I would like but I can't. > > Furthermore, in my opinion, until the developers of samba decide to > support samba3 and winbind, bugs have to be reported and hopefully > solved and the solution of these bugs is not to don't use them... in > my opinion. > > Have a great day > > Piviul > >I have suggested that we deprecate the NT4-style domains, but one of the other Samba team members wants to keep them. I find this strange for several reasons, smbldap-tools is dead and no longer maintained, Microsoft keeps breaking them and the client code hasn't really worked for some time now. The vast majority of the Samba effort is aimed squarely at AD domains, trying to get somebody to fix your problem is going to take some time, especially as it works with AD. Rowland
Il 19/02/19 09:22, Rowland Penny via samba ha scritto:> I have suggested that we deprecate the NT4-style domains, but one of > the other Samba team members wants to keep them. I find this strange > for several reasons, smbldap-tools is dead and no longer maintained, > Microsoft keeps breaking them and the client code hasn't really worked > for some time now. The vast majority of the Samba effort is aimed > squarely at AD domains, trying to get somebody to fix your problem is > going to take some time, especially as it works with AD.I can understand your point of view but I can understand even the point of view of the people that administer our local network... the last time I have tried to carry on the needing of upgrading to AD I have been stopped by some users that need, for obscure reasons, to put the time of their PCs in the past and AFAIK this is not permitted in a AD domain... Have a great day Piviul
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Piviul via samba > Verzonden: dinsdag 19 februari 2019 11:11 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] winbind offline logon > > Il 19/02/19 09:22, Rowland Penny via samba ha scritto: > > I have suggested that we deprecate the NT4-style domains, but one of > > the other Samba team members wants to keep them. I find this strange > > for several reasons, smbldap-tools is dead and no longer maintained, > > Microsoft keeps breaking them and the client code hasn't > really worked > > for some time now. The vast majority of the Samba effort is aimed > > squarely at AD domains, trying to get somebody to fix your > problem is > > going to take some time, especially as it works with AD. > > I can understand your point of view but I can understand even > the point of view of the people that administer our local network... > the last time I have tried to carry on the needing of upgrading to AD I have been > stopped by some users that need, for obscure reasons, to put the time of > their PCs in the past and AFAIK this is not permitted in a AD domain...Now, dont take this personaly.... If you stopped buy users because some obscure reasons, because of things like.. `this is not permitted in a AD domain...` Then you really should put more time into AD. Everything, you can do in NTDOM, you can in AD DOM. You will getting more problem the longer these admins wait with upgradeing to AD. You get some examples of what wont work in AD Dom setups and did in NTDOM setup.s And post these to the list, we will have a look.. Things like this will keep hitting your network more and more... for example, https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser The line shows enough. Guest access in smb2 disabled by default in windows 10.. Now if samba denies access, it this a samba problem, no, this is a (bad) network Administrator problem. Again, not personal, this is a more general problem i see around me. And most problem i see, are because people dont follow the mass, stay behind, scared to upgrade, which result in the end, in a hard time to upgrade and/or compatibility problems. I'm saying this with 25years of system adminisitrator experience, and i've seen a lot. And it does matter what the os is, wait to long with updateing and you get problems, more stress etc etc.> > Have a great day > > Piviul >Greetz, Louis