thr3ads.net - samba - [Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups [Jan 2022]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2022-Jan-13 15:47 UTC

[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups

On Thu, 2022-01-13 at 10:22 -0500, Luc Lalonde via samba
wrote:> Hello Rowland,
> 
> I've read the article mentionned below...  and I don't see how it
> could 
> be interpreted as a 'non-recomendation'.
Did you miss this under 'Support status':

[quote]
Therefore Red Hat currently does not recommend using the idmap_sss
module for Samba file server enrolled into an IdM or AD domain.
[/quote]

They only provide limited support if you use sssd with Samba and only
then if it is an existing setup.

I cannot see any other definition of 'does not recommend' other than
'do not use it'

Rowland

Luc Lalonde

2022-Jan-13 18:05 UTC

head link

[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups

No I read that!

To me it says:

 1. We know that there are issues with using SSSD and we're working on it
 2. We'll continue to support you if you choose this configuration
 3. We're not ready to offer a working supported alternative yet, again,
    we're working on it

In my experience, RHEL7 works well with standalone Winbind.

Unfortunately, I can't get it to work properly on RHEL8 without SSSD.

Perhaps I'm missing something, but the latest Redhat documentation 
continues to push SSSD + Winbind ad the way to go:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-a-rhel-host-to-use-ad-as-an-authentication-provider_configuring-authentication-and-authorization-in-rhel

I would love to dump SSSD on my RedHat/CentOS/Fedora systems... but 
we're not quite there yet!

On 1/13/22 10:47, Rowland Penny via samba wrote:> On Thu, 2022-01-13 at 10:22 -0500, Luc Lalonde via samba wrote:
>> Hello Rowland,
>>
>> I've read the article mentionned below...  and I don't see how
it
>> could
>> be interpreted as a 'non-recomendation'.
> Did you miss this under 'Support status':
>
> [quote]
> Therefore Red Hat currently does not recommend using the idmap_sss
> module for Samba file server enrolled into an IdM or AD domain.
> [/quote]
>
> They only provide limited support if you use sssd with Samba and only
> then if it is an existing setup.
>
> I cannot see any other definition of 'does not recommend' other
than
> 'do not use it'
>
> Rowland
>   
>
>-- 
Luc Lalonde, analyste
-----------------------------
D?partement de g?nie informatique et g?nie logiciel:
?cole polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca

samba - Jan 2022 - Samba on CentOS 8 with sssd and AD users/groups and local users/groups

[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups

[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups