From: Andrea Venturoli
To: freebsd-questions@freebsd.org
Subject: Re: Centralized user/group/whatever management
Date: Sun, 15 Mar 2020 10:38:25 +0100

On 2020-03-14 07:07, Victor Sudakov wrote:

> So pam_winbind it is, if you want to use AD for user/group management?

Yes.

> Does winbindd not crash any more under FreeBSD?

Not sure what crashes you are referring to, related to which version of
FreeBSD or Samba and from when, but I'm using it heavily and I don't
remember seeing it crashing in years.
It has some quirks, but you can get a working stable config.

> Do you need to also enable winbind somehow in nsswitch.conf?

Sure. You'll need a couple of lines:

    group: files winbind
    passwd: files winbind

>> One must simply admit that Active Directory is a well-thought system

One criticism I can make is that it's designed to scale to very big
setups and will probably be overengineering for most (smaller) situations.
Then again, nothing's perfect.

> However first I'd like to find a free, open source solution for a
> Unix-only office. Hope it will not eventually come to buying a Windows
> server to manage Linux and FreeBSD workstations.

I do that without Windows at all.
Just set up a Samba AD DC (or, better, two) and you're done.

 bye
	av.
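
An added example, not part of the original message: a POSIX sh function that checks an nsswitch.conf for the two lines given in the reply above, i.e. that `passwd` and `group` each list `files` and then `winbind`. The function name `check_nsswitch` and its output messages are this example's own.

```sh
#!/bin/sh
# Audit nsswitch.conf for the winbind setup from the reply above.
# NSS consults sources in the order listed, so "files" before "winbind"
# means local accounts are answered from the local files first.
# Prints "<db>: ok" or "<db>: <problem>" for passwd and group;
# returns 0 if both are ok, 1 on a problem, 2 if the file is unreadable.
check_nsswitch() {
    conf="${1:-/etc/nsswitch.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        BEGIN { want["passwd"]; want["group"] }
        {
            sub(/#.*/, "")              # strip comments
            gsub(/\[[^]]*\]/, " ")      # drop criteria like [NOTFOUND=return]
        }
        match($0, /^[ \t]*[a-z_]+[ \t]*:/) {
            db = substr($0, RSTART, RLENGTH); gsub(/[ \t:]/, "", db)
            if (!(db in want)) next
            n = split(substr($0, RLENGTH + 1), src, /[ \t]+/)
            f = 0; w = 0; pos = 0
            for (i = 1; i <= n; i++) {
                if (src[i] == "") continue
                pos++
                if (src[i] == "files" && !f) f = pos
                if (src[i] == "winbind" && !w) w = pos
            }
            seen[db] = 1
            if (!w)         res[db] = "winbind missing"
            else if (!f)    res[db] = "files missing"
            else if (f > w) res[db] = "winbind listed before files"
            else            res[db] = "ok"
        }
        END {
            rc = 0
            n = split("passwd group", order, " ")
            for (i = 1; i <= n; i++) {
                db = order[i]
                if (!seen[db]) res[db] = "no entry"
                print db ": " res[db]
                if (res[db] != "ok") rc = 1
            }
            exit rc
        }
    ' "$conf"
}
```

Run it as `check_nsswitch` for `/etc/nsswitch.conf`, or pass another path as the first argument.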