On 2015-11-08 at 22:50 +0100, buhorojo wrote:> On 08/11/15 21:01, Michael Adam wrote: > >On 2015-11-08 at 20:34 +0100, buhorojo wrote: > >>sssd's uses its own implementation of winbind > >I repeat: sssd does not implement winbind. > >It implements some parts of the winbind protocol. > >It is not a drop-in replacement for winbind(d). > >And the ad-dc forcefully uses winbindd anyways, > No, it is not forced. It can be disabled.Of course you can disable the server service. But then you have neither a supported nor a fully functional AD/DC setup. :-)> >so sssd is not at all an option. > No? What it does do is just work.No. It does not work for the internals of the ad/dc. It may work in nsswitch. And did I mention this is neither a support nor an advocating forum for sssd?> winbind doesn't. It is unfair > on the OP to insist it does.What does "OP" mean? Oh, and it is also unfair to always insist an external unsupported server just works, instead of addressing the points being discussed.> >>and _always_ retrieves the same id from AD. Repeat, _always_. > >>Currently it and nslcd are the only way to obtain full rfc2307 > >>and consistent ids on DCs. Neither winbind nor > >>winbindd can do so. > >Sure. winbindd can do it. > Sorry but you are wrong. On a DC it can't.If it does not fully work, then we need to fix that. And as you so nicely pointed out earlier yourself (for sssd in that case...), instead of recommending the use of an unsupported external application, please submit a bug report at https://bugzilla.samba.org/ . :-) Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20151108/e3252a21/signature.sig>
On 08/11/15 23:40, Michael Adam wrote:> On 2015-11-08 at 22:50 +0100, buhorojo wrote: >> On 08/11/15 21:01, Michael Adam wrote: >>> On 2015-11-08 at 20:34 +0100, buhorojo wrote: >>>> sssd's uses its own implementation of winbind >>> I repeat: sssd does not implement winbind. >>> It implements some parts of the winbind protocol. >>> It is not a drop-in replacement for winbind(d). >>> And the ad-dc forcefully uses winbindd anyways, >> No, it is not forced. It can be disabled. > Of course you can disable the server service. > But then you have neither a supported nor a > fully functional AD/DC setup. :-)But you have one which works, LOL!> >>> so sssd is not at all an option. >> No? What it does do is just work. > No. It does not work for the internals of the ad/dc. > It may work in nsswitch. > > And did I mention this is neither a support > nor an advocating forum for sssd? > >> winbind doesn't. It is unfair >> on the OP to insist it does. > What does "OP" mean?http://lmgtfy.com/?q=what+does+OP+mean%3F> > Oh, and it is also unfair to always insist an > external unsupported server just works, instead > of addressing the points being discussed. > >>>> and _always_ retrieves the same id from AD. Repeat, _always_. >>>> Currently it and nslcd are the only way to obtain full rfc2307 >>>> and consistent ids on DCs. Neither winbind nor >>>> winbindd can do so. >>> Sure. winbindd can do it. >> Sorry but you are wrong. On a DC it can't. > If it does not fully work, then we need to fix that. > And as you so nicely pointed out earlier yourself > (for sssd in that case...), instead of recommending > the use of an unsupported external application, > please submit a bug report at https://bugzilla.samba.org/There are already many. Start with 10886. sssd unsupported? You must be joking. It's Red Hat! OK, it costs a fortune but you can always get the Fedora version with mailing list support. Or, build it yourslef even. By all means wait until winbind is fixed. However, those of us with work to do need it to work now. Reliably! Thanks again.
On 2015-11-09 at 07:57 +0100, buhorojo wrote:> On 08/11/15 23:40, Michael Adam wrote: > >On 2015-11-08 at 22:50 +0100, buhorojo wrote: > >>On 08/11/15 21:01, Michael Adam wrote: > >> > >>>so sssd is not at all an option. > >>No? What it does do is just work. > >No. It does not work for the internals of the ad/dc. > >It may work in nsswitch. > > > >And did I mention this is neither a support > >nor an advocating forum for sssd? > > > >>winbind doesn't. It is unfair on the OP to insist it does. > >What does "OP" mean? > http://lmgtfy.com/?q=what+does+OP+mean%3FA-ha. Btw: "Works-for-me" is a completely valid statement. It is even a state in bugzilla. It simply means "I do not have enough information about your setup to reproduce your issue." It is not unfair but encourages further exchange of information until the problem is understood and can be addressed or the OP's config is fixed.> >>>>Currently it and nslcd are the only way to obtain full rfc2307 > >>>>and consistent ids on DCs. Neither winbind nor winbindd can do so. > >>>Sure. winbindd can do it. > >>Sorry but you are wrong. On a DC it can't. > >If it does not fully work, then we need to fix that. > >And as you so nicely pointed out earlier yourself > >(for sssd in that case...), instead of recommending > >the use of an unsupported external application, > >please submit a bug report at https://bugzilla.samba.org/ > > There are already many. Start with 10886.Ah, thanks for the pointer. We need to follow up on that.> sssd unsupported? You must be joking. It's Red Hat! OK, it costs a fortune > but you can always get the Fedora version with mailing list support. Or, > build it yourslef even.I am talking about "supported by Samba upstream", not about "supported by a vendor or distribution". Also, in case you are not aware: The AD/DC setup of Samba is not (yet) supported by RedHat or Fedora. You need a self-compiled Samba for that. Not sure about the support level... And if you have not noticed (even tough you have been reminded before), this mailing list is about Samba and its components, about helping people to get the supported configurations working and about improving Samba and its components. So could you please stop sabotaging these efforts? Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20151109/7d838d1c/signature.sig>