On Thursday, 9 February 2023 09:09:09 CET Ralph Boehme wrote:
> On 2/9/23 09:02, Rowland Penny via samba wrote:
>
> > Realmd, sssd etc were written by red-hat for use against FreeIPA and
> > hence that is what red-hat supports.
>
>
> fwiw, I don't think this is the full picture. Iirc sssd and the tooling
> are designed to join Linux systems to several directory services,
> FreeIPA being one of them, AD and pure LDAP are others.
>
> In fact, iirc, the realm join command, depending on arguments, actually
> uses net ads join to join to AD.
>
> Ideally we would have something on the wiki that explains this.
> @Andreas: would you be able to start a wiki page with a quick overview
> of this stuff?

I think the right way would be to link to Fedora or RHEL documentation.
However the Fedora documentation looks outdated.

Fedora:
https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/servers/File_and_Print_Servers/#sect-Samba

RHEL:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_using_network_file_services/assembly_using-samba-as-a-server_configuring-and-using-network-file-services#proc_joining-samba-to-a-domain_assembly_setting-up-samba-as-an-ad-domain-member-server

@Marc Can you update the Fedora docs and sync them with RHEL9 docs?

However, we suggest joining an AD domain using realmd:

    realm join --membership-software=samba --client-software=winbind ad.example.com

This will join using the 'net' command, set up PAM, NSS, KRB5 and systemd to
start and enable the winbind.service.

Best regards
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D