[GRLUG] Samba user management
mikemol at gmail.com
Wed Feb 25 11:10:44 EST 2015
On Wed, Feb 25, 2015 at 9:51 AM, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> On Tue, 2015-02-24 at 12:56 -0500, Mark Farver wrote:
>> On Feb 24, 2015 12:34 PM, "L. V. Lammert" <lvl at omnitec.net> wrote:
>> > On Tue, 24 Feb 2015, Mark Farver wrote:
>> The industry has long outgrown the "MS is crap" attitude.
>> > Never used AD and don't plan to, just looking for a simple way to
>> >allow clients to admin Samba usres.
>> I'm not a MS fan, having been deploying Linux into production since
>> 1994, but I can assure you that AD really has no parallel. It's
>> replication and support for both Windows and Unix clients is
>> excellent, and the tools to administer it have a long and well tested
>> history. It is dense and opaque at times, but for most situations it
>> is better than the alternatives.
> +1 Refusing to use Active Directory [which, BTW, Samba4 provides
> effortlessly] is really choosing a route of pain. You can be Open and
> use Active Directory. Active Directory *finally* provides a
> just-do-it-this-way solution for identity and authentication, and it
> uses standard protocols to do it [LDAP and Kerberos].
You know, I have no complaints about AD, or even about Samba
integration to AD as a client.
But I was one of the early people to try to get Samba4 functioning as
an AD controller. And I tried again last year. And throughout the
period, I was gung-ho about Samba and AD integration, and really,
*really* wanted to get everything working.
In both cases, my experience can be summed up this way: Samba4 in an
AD context is horrifically underdocumented, the Samba bugtrackers are
lackadaisically-pursued, at best, and their mailing list leaves much
to be desired. I personally found it to be rude and condescending,
beyond what one is normally accustomed to as a newbie in a forum of
Oh, and don't buy any of the books on the subject if they're more than
a couple years old. Meaning any of them. And last I looked, their
online documentation was a hodge-podge of fairly version-specific
tutorials, all obsolete. I bought All The Books. I read them cover to
cover. I read all of the pages on all of the official websites. I
tried to follow all of the rules for all of the official channels,
tried to use the formal processes for everything, from mailing lists
I could not make it work, the documentation to make it work was not
there, and the support to make it work was generally not there.
I will. Not. Touch. Samba. Not in a controller scenario, in any case.
And with things like sssd available, I'll very happily move in that
If they manage to get their act together and release an updated book,
or at least get their documentation cleaned up, maybe I'll look again.
But I have not gotten the impression that they are still a healthy
open-source project, and I don't have high hopes for their continued
More information about the grlug