On 02/04/15 14:56, buhorojo wrote:> On 02/04/15 15:45, Rowland Penny wrote: >> On 02/04/15 14:35, buhorojo wrote: >>> On 02/04/15 14:56, Rowland Penny wrote: >>>> On 02/04/15 13:38, buhorojo wrote: >>>>> On 02/04/15 14:09, Rowland Penny wrote: >>>>>> On 02/04/15 12:41, buhorojo wrote: >>>>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, just >>>>>>>>>>>>>> created it. >>>>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>>>> /bin/false >>>>>>>>>>>>> when: >>>>>>>>>>>>> /bin/bash >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> WHERE is the output from getent wrong ? >>>>>>> >>>>>>> Please read the thread. One example is given above. >>>>>>> Thanks. It really doesn't matter;) >>>>>>> >>>>>> >>>>>> OK, I have re-read the thread, I cannot find one example of the >>>>>> errors you get when using samba with the winbind backend, loads >>>>>> of errors when trying to install sssd with sernet packages, but >>>>>> no actual winbind errors. >>>>> Once again: >>>>> winbind gives /bin/false >>>>> sssd gives /bin/bash >>>>> The user has: >>>>> loginShell: /bin/bash >>>>> >>>>> If it doesn't matter for you, don't worry! >>>>> >>>>> >>>> >>>> That is *NOT* an error, that is the way the winbind built into the >>>> samba daemon works, it does not pull anything else from AD other >>>> than the users uidNumber and the gidNumber of their primary group. >>>> There is a work round involving the 'template' directories that can >>>> be set in smb.conf, these affect everybody that connects to the >>>> machine it is set on, per user settings cannot be set. >>>> >>>> It is one of the reasons against using the DC as a file server, but >>>> there are others. People have complained about the hard drive >>>> filling up until the DC is restarted, there have also been problems >>>> with excessive use of memory. >>>> >>>> I will put it this way, which part of the following statement do >>>> you not understand ? >>>> >>>> *We _do not recommend_ using the Domain Controller as a file Server*. >>>> >>> >>> We run scripts which require accurate nss information. So, no >>> worries. On our machines, sssd works fine. winbind doesn't. >>> >>> Rowland, wasn't it you who asked the developers how much work it >>> would cost them to (to use your term) 'pull' unixHomeDirectory and >>> loginShell from AD using winbind? You seemed misled that it was to >>> be made available in the next version. It seems that the developers >>> themselves regretted that it wouldn't be. >>> >> >> If you use samba as recommended, winbind will do all that sssd does >> for authentication. > But not what we want of it. >> >> Yes I did ask, but I had it explained to me why it didn't yet work, > And it still, 'doesn't yet work'. >> I was also told that sssd is *not* a samba component and not to ask >> questions about it here on the *SAMBA* mailing list. >> >> Rowland >> > LOL. Slapped wrists indeed! >****************************************************** * * * Please do not feed the Troll * * * ******************************************************
On 02/04/15 16:03, Rowland Penny wrote:> On 02/04/15 14:56, buhorojo wrote: >> On 02/04/15 15:45, Rowland Penny wrote: >>> On 02/04/15 14:35, buhorojo wrote: >>>> On 02/04/15 14:56, Rowland Penny wrote: >>>>> On 02/04/15 13:38, buhorojo wrote: >>>>>> On 02/04/15 14:09, Rowland Penny wrote: >>>>>>> On 02/04/15 12:41, buhorojo wrote: >>>>>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, >>>>>>>>>>>>>>> just created it. >>>>>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>>>>> /bin/false >>>>>>>>>>>>>> when: >>>>>>>>>>>>>> /bin/bash >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> WHERE is the output from getent wrong ? >>>>>>>> >>>>>>>> Please read the thread. One example is given above. >>>>>>>> Thanks. It really doesn't matter;) >>>>>>>> >>>>>>> >>>>>>> OK, I have re-read the thread, I cannot find one example of the >>>>>>> errors you get when using samba with the winbind backend, loads >>>>>>> of errors when trying to install sssd with sernet packages, but >>>>>>> no actual winbind errors. >>>>>> Once again: >>>>>> winbind gives /bin/false >>>>>> sssd gives /bin/bash >>>>>> The user has: >>>>>> loginShell: /bin/bash >>>>>> >>>>>> If it doesn't matter for you, don't worry! >>>>>> >>>>>> >>>>> >>>>> That is *NOT* an error, that is the way the winbind built into the >>>>> samba daemon works, it does not pull anything else from AD other >>>>> than the users uidNumber and the gidNumber of their primary group. >>>>> There is a work round involving the 'template' directories that >>>>> can be set in smb.conf, these affect everybody that connects to >>>>> the machine it is set on, per user settings cannot be set. >>>>> >>>>> It is one of the reasons against using the DC as a file server, >>>>> but there are others. People have complained about the hard drive >>>>> filling up until the DC is restarted, there have also been >>>>> problems with excessive use of memory. >>>>> >>>>> I will put it this way, which part of the following statement do >>>>> you not understand ? >>>>> >>>>> *We _do not recommend_ using the Domain Controller as a file Server*. >>>>> >>>> >>>> We run scripts which require accurate nss information. So, no >>>> worries. On our machines, sssd works fine. winbind doesn't. >>>> >>>> Rowland, wasn't it you who asked the developers how much work it >>>> would cost them to (to use your term) 'pull' unixHomeDirectory and >>>> loginShell from AD using winbind? You seemed misled that it was to >>>> be made available in the next version. It seems that the developers >>>> themselves regretted that it wouldn't be. >>>> >>> >>> If you use samba as recommended, winbind will do all that sssd does >>> for authentication. >> But not what we want of it. >>> >>> Yes I did ask, but I had it explained to me why it didn't yet work, >> And it still, 'doesn't yet work'. >>> I was also told that sssd is *not* a samba component and not to ask >>> questions about it here on the *SAMBA* mailing list. >>> >>> Rowland >>> >> LOL. Slapped wrists indeed! >> > > > ****************************************************** > * * > * Please do not feed the > Troll * > * * > ****************************************************** > >No. Just trying to get some answers which may help us move forward. A different POV. No more. B.
L.P.H. van Belle
2015-Apr-02 14:45 UTC
[Samba] sssd-ad cannot be installed with sernet samba
but still no answers can be given correctly, because of no smb.conf is posted by buhorojo. so question post you : smb.conf nsswitch.conf idmap.conf I still bet your setup is wrong. What is the samba backend your using. ?? Ad or Rid ? I'l answere right now.... RID => use the template config in smb.conf this gives UID/GID AND homedir. AD => configure NIS extentions. this gives uid/gid AND homedir. both work for me with getent passwd / wbinfo -u / id username all give me the correct info.. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: buhorojo.lcb at gmail.com >[mailto:samba-bounces at lists.samba.org] Namens buhorojo >Verzonden: donderdag 2 april 2015 16:26 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] sssd-ad cannot be installed with sernet samba > >On 02/04/15 16:03, Rowland Penny wrote: >> On 02/04/15 14:56, buhorojo wrote: >>> On 02/04/15 15:45, Rowland Penny wrote: >>>> On 02/04/15 14:35, buhorojo wrote: >>>>> On 02/04/15 14:56, Rowland Penny wrote: >>>>>> On 02/04/15 13:38, buhorojo wrote: >>>>>>> On 02/04/15 14:09, Rowland Penny wrote: >>>>>>>> On 02/04/15 12:41, buhorojo wrote: >>>>>>>>> On 02/04/15 12:48, Rowland Penny wrote: >>>>>>>>>> On 02/04/15 11:37, buhorojo wrote: >>>>>>>>>>> On 02/04/15 12:19, Rowland Penny wrote: >>>>>>>>>>>> On 02/04/15 11:05, buhorojo wrote: >>>>>>>>>>>>> On 02/04/15 11:27, Rowland Penny wrote: >>>>>>>>>>>>>> On 02/04/15 10:20, buhorojo wrote: >>>>>>>>>>>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote: >>>>>>>>>>>>>>>> nss/winbind does work, yes, there is 1 missing file, >>>>>>>>>>>>>>>> just created it. >>>>>>>>>>>>>>>> ( and this is not needed on a DC ! ) >>>>>>>>>>>>>>> So you are telling us that something that returns: >>>>>>>>>>>>>>> /bin/false >>>>>>>>>>>>>>> when: >>>>>>>>>>>>>>> /bin/bash >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> WHERE is the output from getent wrong ? >>>>>>>>> >>>>>>>>> Please read the thread. One example is given above. >>>>>>>>> Thanks. It really doesn't matter;) >>>>>>>>> >>>>>>>> >>>>>>>> OK, I have re-read the thread, I cannot find one >example of the >>>>>>>> errors you get when using samba with the winbind >backend, loads >>>>>>>> of errors when trying to install sssd with sernet >packages, but >>>>>>>> no actual winbind errors. >>>>>>> Once again: >>>>>>> winbind gives /bin/false >>>>>>> sssd gives /bin/bash >>>>>>> The user has: >>>>>>> loginShell: /bin/bash >>>>>>> >>>>>>> If it doesn't matter for you, don't worry! >>>>>>> >>>>>>> >>>>>> >>>>>> That is *NOT* an error, that is the way the winbind >built into the >>>>>> samba daemon works, it does not pull anything else from AD other >>>>>> than the users uidNumber and the gidNumber of their >primary group. >>>>>> There is a work round involving the 'template' directories that >>>>>> can be set in smb.conf, these affect everybody that connects to >>>>>> the machine it is set on, per user settings cannot be set. >>>>>> >>>>>> It is one of the reasons against using the DC as a file server, >>>>>> but there are others. People have complained about the >hard drive >>>>>> filling up until the DC is restarted, there have also been >>>>>> problems with excessive use of memory. >>>>>> >>>>>> I will put it this way, which part of the following statement do >>>>>> you not understand ? >>>>>> >>>>>> *We _do not recommend_ using the Domain Controller as a >file Server*. >>>>>> >>>>> >>>>> We run scripts which require accurate nss information. So, no >>>>> worries. On our machines, sssd works fine. winbind doesn't. >>>>> >>>>> Rowland, wasn't it you who asked the developers how much work it >>>>> would cost them to (to use your term) 'pull' >unixHomeDirectory and >>>>> loginShell from AD using winbind? You seemed misled that >it was to >>>>> be made available in the next version. It seems that the >developers >>>>> themselves regretted that it wouldn't be. >>>>> >>>> >>>> If you use samba as recommended, winbind will do all that >sssd does >>>> for authentication. >>> But not what we want of it. >>>> >>>> Yes I did ask, but I had it explained to me why it didn't yet work, >>> And it still, 'doesn't yet work'. >>>> I was also told that sssd is *not* a samba component and >not to ask >>>> questions about it here on the *SAMBA* mailing list. >>>> >>>> Rowland >>>> >>> LOL. Slapped wrists indeed! >>> >> >> >> ****************************************************** >> * * >> * Please do not feed the >> Troll * >> * * >> ****************************************************** >> >> >No. Just trying to get some answers which may help us move forward. A >different POV. No more. >B. > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
On 02/04/15 16:45, L.P.H. van Belle wrote:> but still no answers can be given correctly, because of no smb.conf is posted by buhorojo. > so question post you :The thread has nothing to do with the buhorojo setup. We are trying to find why sssd-ad cannot be installed alongside sernet. The poster of the thread has a workaround, using sssd, so it's not urgent. What remains unanswered is where we could post problems when we are having problems with sernet. Please try to think outside your own setup. We know the rules, we know the wiki. I don't know the answer. I try to introduce something which may give a clue as to why we would need to do what the poster asks. Please try to give younger people an opportunity to voice their opinions. We are not trying to undermine anyone's authority. Thanks. B.