Web lists-archives.com

Re: [Samba] UID GID mapping with sssd no longer supported on samba 4.7.4?




Am Montag, 19. Februar 2018, 17:11:37 CET schrieb Russell R Poyner via 
samba:
> I'm struggling with a permission problem on a samba server that is
> configured to resolve unix uids and gids via nss using sssd. This
> mostly works. The windows side sees files as being owned by
> SID=S-1-22-<unix uid of user> and the group is SID=S-1-22-<unix gid
> of group>
> 
> This all works fine for files owned by the windows user, or files that
> are world readable, but fails for files owned by root, but belonging
> to a the user's primary group.
> 
> On the linux side:
> -rw-rw----  1 poyner  pvt-poyner  0 Feb 19 17:32 poynerFile
> drwxrws---  2 root    pvt-poyner  2 Feb 19 19:30 rootPoynerDir
> 
> On the windows side using powershell get-acl
> 
> get-acl .\poynerDir\
> Path      Owner            Access
> ----      -----            ------
> poynerDir O:S-1-22-1-17907 S-1-22-1-17907 Allow  FullControl...
> 
> and
> 
> get-acl .\rootPoynerDir\
> get-acl : Attempted to perform an unauthorized operation.
> 
> This is very similar to bug 12719 which was closed with advice to use
> winbindd.
> 
> https://bugzilla.samba.org/show_bug.cgi?id=12719
> 
> So is winbindd now the only option for resolving UID and GID?
> 
> Is idmap_nss deprecated? Or only supported for unix users in the local
> password file?
May be a group owner problem? According to "man smb.conf":

Default: acl group control = no

> 
> My config
> 
> 
> smb4.conf:
> [global]
>     workgroup = ENGR
>     server string = cbeserv
>     security = ADS
>     load printers = no
>     realm = AD.SCHOOL.EDU
> 
>     min protocol = SMB2
> 
>     dns proxy = no
>     unix extensions = no
>     nmbd bind explicit broadcast = no
>     oplocks = yes
>     level2 oplocks = yes
>     kernel oplocks = no
> 
> nsswitch.conf:
> passwd:     files sss
> shadow:     files
> group:      files sss
> 
> 
> Thanks
> Russ Poyner


-- 

Gruss
	Harry Jede
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba