On 02/04/15 11:05, buhorojo wrote:> On 02/04/15 11:27, Rowland Penny wrote: >> On 02/04/15 10:20, buhorojo wrote: >>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>> nss/winbind does work, yes, there is 1 missing file, just created it. >>>> ( and this is not needed on a DC ! ) >>> So you are telling us that something that returns: >>> /bin/false >>> when: >>> /bin/bash >>> is specified in the database is a piece of software that is working? >>> >> >> You only need a shell if you are logging into the DC and you >> shouldn't be, the samba wiki couldn't be much plainer, it is not >> recommended to use the DC as a fileserver! >> >> However, if you must use the DC as a fileserver, investigate the >> 'template' lines for smb.conf >> >> Rowland > > The correct output from getent and id goes far beyond login! Please > read previous the posts to the list. >If you follow the recommendation on the samba wiki and do not use the DC as a fileserver, you will not have this problem. Using the 'template' lines is a workaround, but you still could have problems if you do use the DC as a fileserver. Rowland
On 02/04/15 12:19, Rowland Penny wrote:> On 02/04/15 11:05, buhorojo wrote: >> On 02/04/15 11:27, Rowland Penny wrote: >>> On 02/04/15 10:20, buhorojo wrote: >>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>> nss/winbind does work, yes, there is 1 missing file, just created it. >>>>> ( and this is not needed on a DC ! ) >>>> So you are telling us that something that returns: >>>> /bin/false >>>> when: >>>> /bin/bash >>>> is specified in the database is a piece of software that is working? >>>> >>> >>> You only need a shell if you are logging into the DC and you >>> shouldn't be, the samba wiki couldn't be much plainer, it is not >>> recommended to use the DC as a fileserver! >>> >>> However, if you must use the DC as a fileserver, investigate the >>> 'template' lines for smb.conf >>> >>> Rowland >> >> The correct output from getent and id goes far beyond login! Please >> read previous the posts to the list. >> > > If you follow the recommendation on the samba wiki and do not use the > DC as a fileserver, you will not have this problem. Using the > 'template' lines is a workaround, but you still could have problems if > you do use the DC as a fileserver. > > RowlandNo, that doesn't help. Forget file-servers and DCs. How else can we explain that the output from e.g. getent is wrong? We need the output of getent to be correct. So we must use sssd. sssd-ad does not work with sernet. There is no fix for that. That's it. Done!
On 02/04/15 11:37, buhorojo wrote:> On 02/04/15 12:19, Rowland Penny wrote: >> On 02/04/15 11:05, buhorojo wrote: >>> On 02/04/15 11:27, Rowland Penny wrote: >>>> On 02/04/15 10:20, buhorojo wrote: >>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>> nss/winbind does work, yes, there is 1 missing file, just created >>>>>> it. >>>>>> ( and this is not needed on a DC ! ) >>>>> So you are telling us that something that returns: >>>>> /bin/false >>>>> when: >>>>> /bin/bash >>>>> is specified in the database is a piece of software that is working? >>>>> >>>> >>>> You only need a shell if you are logging into the DC and you >>>> shouldn't be, the samba wiki couldn't be much plainer, it is not >>>> recommended to use the DC as a fileserver! >>>> >>>> However, if you must use the DC as a fileserver, investigate the >>>> 'template' lines for smb.conf >>>> >>>> Rowland >>> >>> The correct output from getent and id goes far beyond login! Please >>> read previous the posts to the list. >>> >> >> If you follow the recommendation on the samba wiki and do not use the >> DC as a fileserver, you will not have this problem. Using the >> 'template' lines is a workaround, but you still could have problems >> if you do use the DC as a fileserver. >> >> Rowland > > No, that doesn't help. Forget file-servers and DCs. How else can we > explain that the output from e.g. getent is wrong? We need the output > of getent to be correct. So we must use sssd. sssd-ad does not work > with sernet. There is no fix for that. That's it. Done! > >WHERE is the output from getent wrong ? On a DC ? On a Linux member server ? On a Linux client ? What is wrong ? It is no good just saying getent is wrong, please give examples of what is wrong, if there is a definite bug, a bug report can be raised and it should get fixed, but as far as I am aware, Samba using windbind works as described on the wiki. Rowland