vincent at cojot.name
2022-Jan-15 15:21 UTC
[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups
Hi Rowland, On Sat, 15 Jan 2022, Rowland Penny via samba wrote:> Oh, I hate red-hat, No samba-tool (which I can understand because of no > DC code) and ldbsearch doesn't have '-P'I work with Red Hat and it pains me to see so much dislike in the community. I cannot comment on the downstream directions taken by whoever oversees such packages (perhaps because we have agreements about Azure with Microsoft) but it pains me to see this. There are a lot of great and smart OpenSource developpers in that company (I'm not one of them, I just a consultant) and lots of redhatters are contributing to upstream Fedora packages (where packages such as that pam_krb5 src.rpm is coming from). This is also why I've attempted (in my limited time) to build rpms for samba AD-DC for RHEL/Centos so people could still get a working DC on RHEL/CentOS. Unfortunately, I lack the time to spend more time on this but all of my modified SPEC files and rpms are in the URL below. All I know is that I've been runnin an AD/DC (for my family) for over 3 years on RHEL and it's been running flawlessly. (this was the initial reason I got into re-packaging this on RHEL).> Looks like I need to find an uptodate repo with Samba DC packages.Would the following URL be useful? http://vince.cojot.name/dist/samba has all my rpmbuilds for 4.14 (el8) en < 4.13.x (el7) are there.. I still haven't had time to work on 4.15 but might try shortly..> Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2022-Jan-15 16:04 UTC
[Samba] Samba on CentOS 8 with sssd and AD users/groups and local users/groups
On Sat, 2022-01-15 at 10:21 -0500, vincent at cojot.name wrote:> Hi Rowland, > > On Sat, 15 Jan 2022, Rowland Penny via samba wrote: > > > Oh, I hate red-hat, No samba-tool (which I can understand because > > of no > > DC code) and ldbsearch doesn't have '-P' > > I work with Red Hat and it pains me to see so much dislike in the > community. I cannot comment on the downstream directions taken by > whoever > oversees such packages (perhaps because we have agreements about > Azure > with Microsoft) but it pains me to see this. There are a lot of great > and smart > OpenSource developpers in that company (I'm not one of them, I just > a > consultant) and lots of redhatters are contributing to upstream > Fedora > packages (where packages such as that pam_krb5 src.rpm is coming > from). > > This is also why I've attempted (in my limited time) to build rpms > for > samba AD-DC for RHEL/Centos so people could still get a working DC > on > RHEL/CentOS. Unfortunately, I lack the time to spend more time on > this but > all of my modified SPEC files and rpms are in the URL below. > > All I know is that I've been runnin an AD/DC (for my family) for over > 3 > years on RHEL and it's been running flawlessly. (this was the > initial > reason I got into re-packaging this on RHEL). > > > Looks like I need to find an uptodate repo with Samba DC packages. > > Would the following URL be useful? > > http://vince.cojot.name/dist/samba has all my rpmbuilds for 4.14 > (el8) en > < 4.13.x (el7) are there.. I still haven't had time to work on 4.15 > but > might try shortly..I am sorry, but that might have come out a bit wrong :-( Red-hat could have used Heimdal just for a Samba AD DC, but they decided not to and are even on record as saying there will never be Samba packages that can be be provisioned as an AD DC. This has led to people like yourself trying to provide packages that can be provisioned as an AD DC, but it seems to be extremely difficult. This is compounded by RH removing packages e.g. pam_krb5 Compare this with the Debian distro's, they have had the capability to provision a DC since Samba 4.0.0 The only problem is that most distro's do not keep up with the latest Samba, this is where repo's, like the one that Louis Van Belle provides, come in. My personal feeling is that the RH based distro's should only be used with FreeIPA and use the Debian based distros with AD. Rowland