samba - Jan 2022 - Samba on CentOS 8 with sssd and AD users/groups and local users/groups

On Fri, 2022-01-14 at 20:16 +0000, Rowland Penny via samba
wrote:
> On Fri, 2022-01-14 at 15:07 -0500, Luc Lalonde wrote:
> > Interesting... You didn't have problems with missing dependancies?
> 
> No, just added the repo, installed pam_krb5 and configured
> /etc/security/pam_winbind.conf
> 
> > They're really pushing you to use SSSD:
> 
> Well they would, it is theirs.
> 
> > pam_krb5
> > 
> > This PAM module provides Kerberos-based authentication. From the
> > very 
> > beginning of its existence the SSSD project was targeting
> > replacing 
> > pam_krb5 on the system. SSSD has offered Kerberos authentication
> > for 
> > years, but also much more. With the release of Red Hat Enterprise
> > Linux 
> > 7.4 SSSD has the features that we believe users need from the
> > standard 
> > pam_krb5 module, and we felt ready to add it to the set of
> > deprecated 
> > PAM modules.
> > 
> > Taken from (you need an account to read it, a free dev account will
> > do):
> > 
> > https://access.redhat.com/solutions/4256011
> 
> As far as I remember, the pam_krb5 they removed was their version,
> which wasn't very good, and had nothing to do with version that
> Debian
> uses.
> 
> I just need to wait until tomorrow and see if my ticket is renewed,
> as
> on Debian.
> 
> Rowland
Oh, I hate red-hat, No samba-tool (which I can understand because of no
DC code) and ldbsearch doesn't have '-P'

Looks like I need to find an uptodate repo with Samba DC packages.

Rowland

On 15-01-2022 14:05, Rowland Penny via samba wrote:
> On Fri, 2022-01-14 at 20:16 +0000, Rowland Penny via samba wrote:
>> On Fri, 2022-01-14 at 15:07 -0500, Luc Lalonde wrote:
>>> Interesting... You didn't have problems with missing
dependancies?
>> No, just added the repo, installed pam_krb5 and configured
>> /etc/security/pam_winbind.conf
>>
>>> They're really pushing you to use SSSD:
>> Well they would, it is theirs.
>>
>>> pam_krb5
>>>
>>> This PAM module provides Kerberos-based authentication. From the
>>> very
>>> beginning of its existence the SSSD project was targeting
>>> replacing
>>> pam_krb5 on the system. SSSD has offered Kerberos authentication
>>> for
>>> years, but also much more. With the release of Red Hat Enterprise
>>> Linux
>>> 7.4 SSSD has the features that we believe users need from the
>>> standard
>>> pam_krb5 module, and we felt ready to add it to the set of
>>> deprecated
>>> PAM modules.
>>>
>>> Taken from (you need an account to read it, a free dev account will
>>> do):
>>>
>>> https://access.redhat.com/solutions/4256011
>> As far as I remember, the pam_krb5 they removed was their version,
>> which wasn't very good, and had nothing to do with version that
>> Debian
>> uses.
>>
>> I just need to wait until tomorrow and see if my ticket is renewed,
>> as
>> on Debian.
>>
>> Rowland
> Oh, I hate red-hat, No samba-tool (which I can understand because of no
> DC code) and ldbsearch doesn't have '-P'
>
> Looks like I need to find an uptodate repo with Samba DC packages.
>
> Rowland
>
>
>
>
Perhaps this: https://github.com/nkadel/samba4repo/

It was mentioned on 12-11-2021 on the list.

- Kees

Hi Rowland,

On Sat, 15 Jan 2022, Rowland Penny via samba wrote:
> Oh, I hate red-hat, No samba-tool (which I can understand because of no
> DC code) and ldbsearch doesn't have '-P'
I work with Red Hat and it pains me to see so much dislike in the 
community. I cannot comment on the downstream directions taken by whoever 
oversees such packages (perhaps because we have agreements about Azure 
with Microsoft) but it pains me to see this. There are a lot of great and smart 
OpenSource developpers in that company (I'm not one of them, I just a 
consultant) and lots of redhatters are contributing to upstream Fedora 
packages (where packages such as that pam_krb5 src.rpm is coming from).

This is also why I've attempted (in my limited time) to build rpms for 
samba AD-DC for RHEL/Centos so people could still get a working DC on 
RHEL/CentOS. Unfortunately, I lack the time to spend more time on this but 
all of my modified SPEC files and rpms are in the URL below.

All I know is that I've been runnin an AD/DC (for my family) for over 3 
years on RHEL and it's been running flawlessly. (this was the initial 
reason I got into re-packaging this on RHEL).
> Looks like I need to find an uptodate repo with Samba DC packages.
Would the following URL be useful?

http://vince.cojot.name/dist/samba has all my rpmbuilds for 4.14 (el8) en 
< 4.13.x (el7) are there.. I still haven't had time to work on 4.15 but 
might try shortly..
> Rowland
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>