On 2/9/23 09:02, Rowland Penny via samba wrote:
> Realmd, sssd etc were written by red-hat for use against FreeIPA and
> hence that is what red-hat supports.

fwiw, I don't think this is the full picture. Iirc sssd and the tooling
are designed to join Linux systems to several directory services,
FreeIPA being one of them, AD and pure LDAP are others.

In fact, iirc, the realm join command, depending on arguments, actually
uses net ads join to join to AD.

Ideally we would have something on the wiki that explains this.
@Andreas: would you be able to start a wiki page with a quick overview
of this stuff?

-slow

--
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba

On 09/02/2023 08:09, Ralph Boehme wrote:
> On 2/9/23 09:02, Rowland Penny via samba wrote:
>> Realmd, sssd etc were written by red-hat for use against FreeIPA and
>> hence that is what red-hat supports.
>
> fwiw, I don't think this is the full picture. Iirc sssd and the tooling
> are designed to join Linux systems to several directory services,
> FreeIPA being one of them, AD and pure LDAP are others.
>
> In fact, iirc, the realm join command, depending on arguments, actually
> uses net ads join to join to AD.
>
> Ideally we would have something on the wiki that explains this.
> @Andreas: would you be able to start a wiki page with a quick overview
> of this stuff?
>
> -slow
>

Why are we even talking about providing support for something that Samba
does not provide?

If I remember correctly, there used to be a Samba wikipage about using
sssd, but it was removed because Samba could not support sssd because
Samba does not write it.

In my opinion, the best place for information about realmd and sssd is
in the red-hat controlled wikis.

Rowland

On Thursday, 9 February 2023 09:09:09 CET Ralph Boehme wrote:
> On 2/9/23 09:02, Rowland Penny via samba wrote:
> > Realmd, sssd etc were written by red-hat for use against FreeIPA and
> > hence that is what red-hat supports.
>
> fwiw, I don't think this is the full picture. Iirc sssd and the tooling
> are designed to join Linux systems to several directory services,
> FreeIPA being one of them, AD and pure LDAP are others.
>
> In fact, iirc, the realm join command, depending on arguments, actually
> uses net ads join to join to AD.
>
> Ideally we would have something on the wiki that explains this.
> @Andreas: would you be able to start a wiki page with a quick overview
> of this stuff?

I think the right way would be to link to Fedora or RHEL documentation.
However the Fedora documentation looks outdated.

Fedora:
https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/servers/File_and_Print_Servers/#sect-Samba

RHEL:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_using_network_file_services/assembly_using-samba-as-a-server_configuring-and-using-network-file-services#proc_joining-samba-to-a-domain_assembly_setting-up-samba-as-an-ad-domain-member-server

@Marc Can you update the Fedora docs and sync them with RHEL9 docs?

However we suggest to join an AD domain using realmd:

    realm join --membership-software=samba --client-software=winbind ad.example.com

This will join using 'net' command, set up PAM, NSS, KRB5 and systemd to
start and enable the winbind.service.

Best regards

Andreas

--
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D