On Thu, Apr 10, 2014 at 04:44:20PM +0100, Rowland Penny wrote:
On 10/04/14 15:20, Jakub Hrozek wrote:
>Hi,
>
>our current HOWTO[1] on connecting SSSD to an AD DC is outdated,
>mostly because the page still only introduces the LDAP provider. Recently, me,
>Sumit and Jeremy Agee wrote a new page that specifically advises to use
>the AD provider and also use realmd for setup:
>https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
>
>We started a new page and kept the old one around mostly because pre-1.9
>versions still need the LDAP provider info.
>
>I'd like to get some review and feedback from our community so we can
>link the wiki page from the front page or the documentation section. In
>addition to the lists, I also CC-ed the individual contributors to the
>original page directly..I hope that's fine.
>
>Thank you for your comments.
>
>[1]
>https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
>_______________________________________________
>sssd-users mailing list
>sssd-users(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I have had a quick read through and it all seems ok apart from one
thing, it seems to be based on the premise that there is only one AD
server available, it doesn't mention the Samba 4 AD server at all
and I can assure you that it does work with Samba 4.
Rowland
Except where it doesn't because Samba 4 behaves differently from AD:
https://fedorahosted.org/sssd/ticket/2311
I'm not trying to bash Samba here, really, but the AD provider has so
far been tested only with real AD server. So what about saying something
along the lines of "AD compatible server implementations, notably Samba
4 are currently not tested by the SSSD upstream, although we would
accept any upstream bug reports from setups with a Samba 4 server".
On a side note, we're currently working on getting a Continuous Integration
setup up and running. It might be prudent to include a Samba 4 server in
the CI setup eventually (although probably not as a tier 1 priority) to
test against.
Thanks for bringing Samba 4 up and for reading through the HOWTO!