On 02/04/15 14:35, buhorojo wrote:> On 02/04/15 14:56, Rowland Penny wrote: >> On 02/04/15 13:38, buhorojo wrote: >>> On 02/04/15 14:09, Rowland Penny wrote: >>>> On 02/04/15 12:41, buhorojo wrote: >>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just >>>>>>>>>>>> created it. >>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>> /bin/false >>>>>>>>>>> when: >>>>>>>>>>> /bin/bash >>>>>>> >>>>>>> >>>>>> >>>>>> WHERE is the output from getent wrong ? >>>>> >>>>> Please read the thread. One example is given above. >>>>> Thanks. It really doesn't matter;) >>>>> >>>> >>>> OK, I have re-read the thread, I cannot find one example of the >>>> errors you get when using samba with the winbind backend, loads of >>>> errors when trying to install sssd with sernet packages, but no >>>> actual winbind errors. >>> Once again: >>> winbind gives /bin/false >>> sssd gives /bin/bash >>> The user has: >>> loginShell: /bin/bash >>> >>> If it doesn't matter for you, don't worry! >>> >>> >> >> That is *NOT* an error, that is the way the winbind built into the >> samba daemon works, it does not pull anything else from AD other than >> the users uidNumber and the gidNumber of their primary group. >> There is a work round involving the 'template' directories that can >> be set in smb.conf, these affect everybody that connects to the >> machine it is set on, per user settings cannot be set. >> >> It is one of the reasons against using the DC as a file server, but >> there are others. People have complained about the hard drive filling >> up until the DC is restarted, there have also been problems with >> excessive use of memory. >> >> I will put it this way, which part of the following statement do you >> not understand ? >> >> *We _do not recommend_ using the Domain Controller as a file Server*. >> > > We run scripts which require accurate nss information. So, no worries. > On our machines, sssd works fine. winbind doesn't. > > Rowland, wasn't it you who asked the developers how much work it would > cost them to (to use your term) 'pull' unixHomeDirectory and > loginShell from AD using winbind? You seemed misled that it was to be > made available in the next version. It seems that the developers > themselves regretted that it wouldn't be. >If you use samba as recommended, winbind will do all that sssd does for authentication. Yes I did ask, but I had it explained to me why it didn't yet work, I was also told that sssd is *not* a samba component and not to ask questions about it here on the *SAMBA* mailing list. Rowland
On 02/04/15 15:45, Rowland Penny wrote:> On 02/04/15 14:35, buhorojo wrote: >> On 02/04/15 14:56, Rowland Penny wrote: >>> On 02/04/15 13:38, buhorojo wrote: >>>> On 02/04/15 14:09, Rowland Penny wrote: >>>>> On 02/04/15 12:41, buhorojo wrote: >>>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just >>>>>>>>>>>>> created it. >>>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>>> /bin/false >>>>>>>>>>>> when: >>>>>>>>>>>> /bin/bash >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> WHERE is the output from getent wrong ? >>>>>> >>>>>> Please read the thread. One example is given above. >>>>>> Thanks. It really doesn't matter;) >>>>>> >>>>> >>>>> OK, I have re-read the thread, I cannot find one example of the >>>>> errors you get when using samba with the winbind backend, loads of >>>>> errors when trying to install sssd with sernet packages, but no >>>>> actual winbind errors. >>>> Once again: >>>> winbind gives /bin/false >>>> sssd gives /bin/bash >>>> The user has: >>>> loginShell: /bin/bash >>>> >>>> If it doesn't matter for you, don't worry! >>>> >>>> >>> >>> That is *NOT* an error, that is the way the winbind built into the >>> samba daemon works, it does not pull anything else from AD other >>> than the users uidNumber and the gidNumber of their primary group. >>> There is a work round involving the 'template' directories that can >>> be set in smb.conf, these affect everybody that connects to the >>> machine it is set on, per user settings cannot be set. >>> >>> It is one of the reasons against using the DC as a file server, but >>> there are others. People have complained about the hard drive >>> filling up until the DC is restarted, there have also been problems >>> with excessive use of memory. >>> >>> I will put it this way, which part of the following statement do you >>> not understand ? >>> >>> *We _do not recommend_ using the Domain Controller as a file Server*. >>> >> >> We run scripts which require accurate nss information. So, no >> worries. On our machines, sssd works fine. winbind doesn't. >> >> Rowland, wasn't it you who asked the developers how much work it >> would cost them to (to use your term) 'pull' unixHomeDirectory and >> loginShell from AD using winbind? You seemed misled that it was to be >> made available in the next version. It seems that the developers >> themselves regretted that it wouldn't be. >> > > If you use samba as recommended, winbind will do all that sssd does > for authentication.But not what we want of it.> > Yes I did ask, but I had it explained to me why it didn't yet work,And it still, 'doesn't yet work'.> I was also told that sssd is *not* a samba component and not to ask > questions about it here on the *SAMBA* mailing list. > > Rowland >LOL. Slapped wrists indeed!
On 02/04/15 14:56, buhorojo wrote:> On 02/04/15 15:45, Rowland Penny wrote: >> On 02/04/15 14:35, buhorojo wrote: >>> On 02/04/15 14:56, Rowland Penny wrote: >>>> On 02/04/15 13:38, buhorojo wrote: >>>>> On 02/04/15 14:09, Rowland Penny wrote: >>>>>> On 02/04/15 12:41, buhorojo wrote: >>>>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just >>>>>>>>>>>>>> created it. >>>>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>>>> /bin/false >>>>>>>>>>>>> when: >>>>>>>>>>>>> /bin/bash >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> WHERE is the output from getent wrong ? >>>>>>> >>>>>>> Please read the thread. One example is given above. >>>>>>> Thanks. It really doesn't matter;) >>>>>>> >>>>>> >>>>>> OK, I have re-read the thread, I cannot find one example of the >>>>>> errors you get when using samba with the winbind backend, loads >>>>>> of errors when trying to install sssd with sernet packages, but >>>>>> no actual winbind errors. >>>>> Once again: >>>>> winbind gives /bin/false >>>>> sssd gives /bin/bash >>>>> The user has: >>>>> loginShell: /bin/bash >>>>> >>>>> If it doesn't matter for you, don't worry! >>>>> >>>>> >>>> >>>> That is *NOT* an error, that is the way the winbind built into the >>>> samba daemon works, it does not pull anything else from AD other >>>> than the users uidNumber and the gidNumber of their primary group. >>>> There is a work round involving the 'template' directories that can >>>> be set in smb.conf, these affect everybody that connects to the >>>> machine it is set on, per user settings cannot be set. >>>> >>>> It is one of the reasons against using the DC as a file server, but >>>> there are others. People have complained about the hard drive >>>> filling up until the DC is restarted, there have also been problems >>>> with excessive use of memory. >>>> >>>> I will put it this way, which part of the following statement do >>>> you not understand ? >>>> >>>> *We _do not recommend_ using the Domain Controller as a file Server*. >>>> >>> >>> We run scripts which require accurate nss information. So, no >>> worries. On our machines, sssd works fine. winbind doesn't. >>> >>> Rowland, wasn't it you who asked the developers how much work it >>> would cost them to (to use your term) 'pull' unixHomeDirectory and >>> loginShell from AD using winbind? You seemed misled that it was to >>> be made available in the next version. It seems that the developers >>> themselves regretted that it wouldn't be. >>> >> >> If you use samba as recommended, winbind will do all that sssd does >> for authentication. > But not what we want of it. >> >> Yes I did ask, but I had it explained to me why it didn't yet work, > And it still, 'doesn't yet work'. >> I was also told that sssd is *not* a samba component and not to ask >> questions about it here on the *SAMBA* mailing list. >> >> Rowland >> > LOL. Slapped wrists indeed! >****************************************************** * * * Please do not feed the Troll * * * ******************************************************