Andrew Bartlett
2014-Dec-05 19:52 UTC
[Samba] is SFU home directories an easy development?
On Sun, 2014-11-30 at 12:52 +0000, Rowland Penny wrote:
> > Steve (the doesn't want to work weekends one)
> Well, I agree with a lot of what he said, but not the way he said it,
> what I definitely agree with, is that the samba devs seem to be ignoring
> the platform that S4 is mainly running on, something they could easily
> change by just getting winbindd to pull **ALL** the RFC2307 attributes.

Rowland,

Please don't say things are easy without enclosing the patch, or the
example re-configuration. For Samba 4.2, I'm simply glad to have been
able to deprecate the built in winbind. That was the only goal I had -
change the implementation, without changing the behaviour. Even then,
we have a blocker bug 10720 - "error: Unable to convert first SID" that
almost scuttled the whole idea.

For better or worse, the idmap and nss codepaths in winbind are entirely
separate, so while conceptually connected, the practice is a little more
complex. How much more I'm sure you can tell me when you get back to me
with a patch, or an example config. Then, we can start on the equally
difficult path of deciding how/when to change the defaults, because
breaking existing systems on upgrade also isn't fair.

In the meantime, please drop this, or open a commercial support case
with a vendor. Repeating this over and over isn't helping.

Andrew Bartlett

--
Andrew Bartlett samba.org/~abartlet
Authentication Developer, Samba Team samba.org
Samba Developer, Catalyst IT catalyst.net.nz/services/samba
On 05/12/14 19:52, Andrew Bartlett wrote:
> On Sun, 2014-11-30 at 12:52 +0000, Rowland Penny wrote:
>
>>> Steve (the doesn't want to work weekends one)
>> Well, I agree with a lot of what he said, but not the way he said it,
>> what I definitely agree with, is that the samba devs seem to be ignoring
>> the platform that S4 is mainly running on, something they could easily
>> change by just getting winbindd to pull **ALL** the RFC2307 attributes.
> Rowland,
>
> Please don't say things are easy without enclosing the patch, or the
> example re-configuration. For Samba 4.2, I'm simply glad to have been
> able to deprecate the built in winbind. That was the only goal I had -
> change the implementation, without changing the behaviour. Even then,
> we have a blocker bug 10720 - "error: Unable to convert first SID" that
> almost scuttled the whole idea.
>
> For better or worse, the idmap and nss codepaths in winbind are entirely
> separate, so while conceptually connected, the practice is a little more
> complex. How much more I'm sure you can tell me when you get back to me
> with a patch, or an example config. Then, we can start on the equally
> difficult path of deciding how/when to change the defaults, because
> breaking existing systems on upgrade also isn't fair.
>
> In the meantime, please drop this, or open a commercial support case
> with a vendor. Repeating this over and over isn't helping.
>
> Andrew Bartlett
>

OK Andrew, I accept what you are saying, I am only a 'user' and do not
know how to write C code, but until you wrote 'the idmap and nss
codepaths in winbind are entirely separate', I was not aware that this
is the problem. I thought (erroneously, it would seem) that because
'winbindd' pulled (or seemed to) all the RFC2307 attributes on a member
server and when used on the AD DC pulled only the users 'uidNumber' &
'gidNumber', that it was just a small problem, I now know it is going to
be a bigger job than I thought and I will just have to wait until it
reaches its place in the todo queue.

I apologise if I have upset anybody, it was not my intention.

Rowland
Andrew Bartlett
2014-Dec-07 07:56 UTC
[Samba] is SFU home directories an easy development?
On Fri, 2014-12-05 at 20:11 +0000, Rowland Penny wrote:
> On 05/12/14 19:52, Andrew Bartlett wrote:
> > On Sun, 2014-11-30 at 12:52 +0000, Rowland Penny wrote:
> >
> >>> Steve (the doesn't want to work weekends one)
> >> Well, I agree with a lot of what he said, but not the way he said it,
> >> what I definitely agree with, is that the samba devs seem to be ignoring
> >> the platform that S4 is mainly running on, something they could easily
> >> change by just getting winbindd to pull **ALL** the RFC2307 attributes.
> > Rowland,
> >
> > Please don't say things are easy without enclosing the patch, or the
> > example re-configuration. For Samba 4.2, I'm simply glad to have been
> > able to deprecate the built in winbind. That was the only goal I had -
> > change the implementation, without changing the behaviour. Even then,
> > we have a blocker bug 10720 - "error: Unable to convert first SID" that
> > almost scuttled the whole idea.
> >
> > For better or worse, the idmap and nss codepaths in winbind are entirely
> > separate, so while conceptually connected, the practice is a little more
> > complex. How much more I'm sure you can tell me when you get back to me
> > with a patch, or an example config. Then, we can start on the equally
> > difficult path of deciding how/when to change the defaults, because
> > breaking existing systems on upgrade also isn't fair.
> >
> > In the meantime, please drop this, or open a commercial support case
> > with a vendor. Repeating this over and over isn't helping.
> >
> > Andrew Bartlett
> >
> OK Andrew, I accept what you are saying, I am only a 'user' and do not
> know how to write C code, but until you wrote 'the idmap and nss
> codepaths in winbind are entirely separate', I was not aware that this
> is the problem. I thought (erroneously, it would seem) that because
> 'winbindd' pulled (or seemed to) all the RFC2307 attributes on a member
> server and when used on the AD DC pulled only the users 'uidNumber' &
> 'gidNumber',

Can you remind me if you have tried using the same configuration you
used on the member server on the AD DC, and seen if it worked. Allowing
this was the intention, but as I say, not the current goal (setting
limited, sometimes very limited, goals has been the best way to avoid
this whole endeavour being over-whelming).

Andrew Bartlett

--
Andrew Bartlett samba.org/~abartlet
Authentication Developer, Samba Team samba.org
Samba Developer, Catalyst IT catalyst.net.nz/services/samba