Hai Ralph, I've been reading the thread now and.. Correct me where im wrong. Samba only needs a build parameter to enable idmap_sss or do i need more here? And when this is enabled, SSSD need to be rebuild with paramater --with-samba? Because, if thats the case, im starting today on the final 4.15.0 builds and maybe i can add it and put these in a separeted repo. If its not to much works, i'll think about this. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Ralph Boehme via samba > Verzonden: woensdag 22 september 2021 21:26 > Aan: Patrick Goetz; samba at lists.samba.org > Onderwerp: Re: [Samba] id mapping > > Am 22.09.21 um 18:00 schrieb Patrick Goetz: > > I'm a bit confused about what this branch does; i.e. if it's just to > > facilitate the use of idmap_sss, then why are patches needed? > > it doesn't facilitat idmap_sss, it *adds* idmap_sss. It's a > development > branch forket from the main samba development branch where I've added > the idmap_sss sources taken from the upstream sssd git repository. > > > Aren't people currently using idmap_sss with Samba, > > only on Redhat, because there Samba is patched to include idmap_sss. > Other Linuxes ship vanilla upstream Samba that doesn't > include idmap_sss. > > > or is that only > > because Redhat is patching Samba downstream and it doesn't work at > > all with Ubuntu systems even when sss is installed? > > > > I've read there's a memory leak in 4.11 anyway, and some people are > > recommending the source: http://apt.van-belle.nl/ as an alternative > > to the distro Samba packages available on Debian/Ubuntu. > > you will have to build your own packages on Ubuntu from source if you > want to use idmap_sss. > > -slow > > -- > Ralph Boehme, Samba Team https://samba.org/ > SerNet Samba Team Lead https://sernet.de/en/team-samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Am 23.09.21 um 09:32 schrieb L. van Belle:> I've been reading the thread now and.. Correct me where im wrong. > > Samba only needs a build parameter to enable idmap_sss or do i need more > here? > And when this is enabled, SSSD need to be rebuild with paramater > --with-samba?no, neither. You would have to apply patches to Samba. Samba doesn't ship idmap_sss. -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/team-samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210923/11838978/OpenPGP_signature.sig>
On Thu, 2021-09-23 at 09:32 +0200, L. van Belle via samba wrote:> Hai Ralph, > > I've been reading the thread now and.. Correct me where im wrong. > > Samba only needs a build parameter to enable idmap_sss or do i need > more > here? > And when this is enabled, SSSD need to be rebuild with paramater > --with-samba? > > Because, if thats the case, im starting today on the final 4.15.0 > builds > and maybe i can add it and put these in a separeted repo. > If its not to much works, i'll think about this.Louis, please don't even think of doing this. Using sssd isn't supported by Samba because Samba doesn't produce it and, as I have shown previously, not even red hat supports its use with Samba. NOTE: The following is just my opinion! There appears to be two camps in red hat, one accepts that you shouldn't use sssd with Samba >=4.8.0 , the other will not accept this. Also if you do use sssd with Samba, there are numerous problems, one of which is that RHEL 8 no longer has libpam-krb5 Rowland