enterprise-ubuntu team mailing list archive

Re: 100% Open Active Directory - Client and Server

 

Hi,
I am also trying, the hard way, Linux client integration with SSSD into MS AD, and I must admit I am having a tough time!

The authentication part, with login into the home directory on the local workstation, basically works – even with a partially broken realmd.
Problems start if I want to implement NFS+automount+Kerberos technologies for accessing the home directory.

It seems that the standard configuration of the workstation and the configuration of the applications required for AD integration don’t fit together.

What should actually be in /etc/hostname – the short or the FQDN name – as standard?

Even if the command ‘hostname -s [-f]’ correctly returns the short or FQDN name, and ‘dnsdomainname’ correctly resolves the (DNS) domain name –
some applications figure out their identity directly from ‘hostname’, in a way that breaks integration with AD and Kerberos.

This is a puzzle I haven’t been able to resolve so far – starting with /etc/hostname – and /etc/hosts:
The AD join must be done with the short name, as there is a Windows limit of 32 chars for the sAMAccount name, easy to reach with the FQDN name,
and this is the ‘realmd’ default.
The Kerberos part requires the FQDN name, but rpc.gssd in particular breaks if the hostname is the FQDN.

‘nfs-utils’ especially is very sensitive to what is put into /etc/hostname and /etc/hosts.

Some naming issues have been resolved in nfs-utils 1.2.8-9ubuntu1 – available in Utopic.
Could you kindly backport this package to Trusty in your repository as well?
It would be a great help in resolving NFS client issues.

Best regards
From: Enterprise-ubuntu [mailto:enterprise-ubuntu-bounces+longina=sdu.dk@xxxxxxxxxxxxxxxxxxx] On Behalf Of Martinx - ジェームズ
Sent: 22. august 2014 02:51
To: Niklas Andersson
Cc: enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Enterprise-ubuntu] 100% Open Active Directory - Client and Server

Hey guys!

I just backported Samba 4.1.11 to Trusty, check it out!

https://launchpad.net/~martinx/+archive/ubuntu/ig

Also, I backported a few more packages, like new btrfs-tools, new cups and new virt-manager.

I'm planning to maintain this repository until next LTS in 2016.

Cheers!
Thiago

On 18 August 2014 15:29, Martinx - ジェームズ <thiagocmartinsc@xxxxxxxxx> wrote:
BTW, I just realized that the site enterprisesamba.com has the latest Samba (4.1.11) for Trusty!   :-)

I'll give it a try.

Cheers!
Thiago

On 18 August 2014 13:41, Martinx - ジェームズ <thiagocmartinsc@xxxxxxxxx> wrote:
Awesome! Sounds okay...
Good to know about OpenChange... Thank you!

-
 Thiago

On 18 August 2014 13:33, Niklas Andersson <niklas.andersson@xxxxxxxxxxxx> wrote:
Well, of course it would be nice to have the newer Samba4 in Trusty, but development is moving at breakneck speed, and I understand that it might be difficult for Canonical to catch up. Perhaps not even recommended.

These are new features, experimental. So I think the best we can do is to try these new features in upcoming versions (Utopic and what comes after), and plan for a tentative deployment after 16.04 is released. I.e. in two years.

 There will also come interesting news from the OpenChange-project that relies heavily on Samba4. And hopefully we are also looking forward to big improvements to Jabber/XMPP quite soon.

Regards,
Niklas

On 18/08/14 18:24, Martinx - ジェームズ wrote:
Ah... Okay! Thanks for clarifying it...   :-)

BTW, I think that the Ubuntu Samba Team should backport the new Samba for Trusty, since it is an LTS release, it cannot survive ~5 years with a broken version...  :-/

What do you think?!

Best,
Thiago

On 18 August 2014 13:21, Niklas Andersson <niklas.andersson@xxxxxxxxxxxx> wrote:
Yeah, when you try to join with realmd it won't work because 4.1.6 in Trusty doesn't respond with a well-formed NETLOGON-request.

That bug was first fixed in 4.1.7 or 4.1.8 I believe. That is why you need Utopic. My procedure should work just as nice using Vagrant, but I have found no cloud image with utopic yet...

Regards,
Niklas

On 18/08/14 18:15, Martinx - ジェームズ wrote:
Hello!

What kind of problems are you facing with Samba 4.1.6 in Trusty?! You said in your README that Utopic is recommended...

I'm facing this: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1357471

Are there more problems?!

Tks!
Thiago

On 18 August 2014 13:13, Niklas Andersson <niklas.andersson@xxxxxxxxxxxx> wrote:
Hi,
 I have set up a POC for integrating Samba4 AD DC with realmd/sssd using Docker.
 If you have Docker installed and you are familiar with the technology it won't take you more than 15 minutes to get a working client/server.

 Here is the server (docker-dc) [1], and here is the client (docker-realmd) [2]

[1] https://github.com/xnandersson/docker-dc
[2] https://github.com/xnandersson/docker-realmd
Regards,
Niklas
