Am 20.09.21 um 16:42 schrieb Patrick Goetz via samba:> Now it looks like I'm going to have to rethink the entire system > architecture if I want to upgrade the file server from Ubuntu 18.04 to > anything newer?? (Ubuntu 20.04 ships 4.11.6).? This is going to be a > problem, as all the files are related to the UIDs and GIDs generated by > sssd. I'm not sure that's realistic in a very active research > environment. The solution is likely going to involve virtualizing all > the Windows machines and using IOMMU to provide a PCIe passthrough for > whatever GPU's they need for processing.sorry, tl;dr, at least not fully, but still wanted to mention...> Any thoughts on this appreciated....you could try to use the idmap sss backend. Unfortunately it's not included in upstream Samba and therefor not available on Ubuntu. Otho RHEL Samba ships it, if that helps. Alternatively you could build Samba packages from source and include the necessary patches, I have a WIP branch here: <https://git.samba.org/?p=slow/samba.git;a=shortlog;h=refs/heads/idmap_sss> Cheers! -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/team-samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210920/72c4406d/OpenPGP_signature.sig>
On Mon, 2021-09-20 at 16:51 +0200, Ralph Boehme via samba wrote:> Am 20.09.21 um 16:42 schrieb Patrick Goetz via samba: > > Now it looks like I'm going to have to rethink the entire system > > architecture if I want to upgrade the file server from Ubuntu 18.04 > > to > > anything newer? (Ubuntu 20.04 ships 4.11.6). This is going to be > > a > > problem, as all the files are related to the UIDs and GIDs > > generated by > > sssd. I'm not sure that's realistic in a very active research > > environment. The solution is likely going to involve virtualizing > > all > > the Windows machines and using IOMMU to provide a PCIe passthrough > > for > > whatever GPU's they need for processing. > > sorry, tl;dr, at least not fully, but still wanted to mention... > > > Any thoughts on this appreciated. > > ...you could try to use the idmap sss backend. Unfortunately it's > not > included in upstream Samba and therefor not available on Ubuntu.It was removed from Samba after a team discussion, based on the fact that it was designed for an external product, so shouldn't be in the Samba tree (If I remember correctly).> Otho > RHEL Samba ships it, if that helps.It may, if the OP only requires authentication, in which case you might as well just run sssd by itself without Samba. Rowland
Hi - On 9/20/21 09:51, Ralph Boehme wrote:> Am 20.09.21 um 16:42 schrieb Patrick Goetz via samba: >> Now it looks like I'm going to have to rethink the entire system >> architecture if I want to upgrade the file server from Ubuntu 18.04 to >> anything newer?? (Ubuntu 20.04 ships 4.11.6).? This is going to be a >> problem, as all the files are related to the UIDs and GIDs generated >> by sssd. I'm not sure that's realistic in a very active research >> environment. The solution is likely going to involve virtualizing all >> the Windows machines and using IOMMU to provide a PCIe passthrough for >> whatever GPU's they need for processing. > > sorry, tl;dr, at least not fully, but still wanted to mention... > >> Any thoughts on this appreciated. > > ...you could try to use the idmap sss backend. Unfortunately it's not > included in upstream Samba and therefor not available on Ubuntu. Otho > RHEL Samba ships it, if that helps. > > Alternatively you could build Samba packages from source and include the > necessary patches, I have a WIP branch here: > > <https://git.samba.org/?p=slow/samba.git;a=shortlog;h=refs/heads/idmap_sss> >I'm a bit confused about what this branch does; i.e. if it's just to facilitate the use of idmap_sss, then why are patches needed? Aren't people currently using idmap_sss with Samba, or is that only because Redhat is patching Samba downstream and it doesn't work at all with Ubuntu systems even when sss is installed? I've read there's a memory leak in 4.11 anyway, and some people are recommending the source: http://apt.van-belle.nl/ as an alternative to the distro Samba packages available on Debian/Ubuntu.> Cheers! > -slow > > > > This message is from an external sender. Learn more about why this > matters. <https://ut.service-now.com/sp?id=kb_article&number=KB0011401> > >