[Samba] sssd on DC for fileserver

Rowland Penny rowlandpenny at googlemail.com
Wed Jun 3 12:06:52 MDT 2015


On 03/06/15 00:37, Jonathan Hunter wrote:
> Hi,
>
> Some advice, if I may..
>
> I have two Samba4 domain controllers, that I recently switched to
> using sssd (against these same DCs) for UNIX user authentication -
> this part works perfectly.
>
> However, I am using one of these as a Samba file server also. When I
> create a file via a SMB share, the UNIX UID the file is owned by is
> the old 'winbind' UID (e.g. 3000007) rather than the new 'sssd' UID
> (e.g. 1514701182)

The UID you refer to has nothing to do with winbind; it is coming from 
idmap.ldb, and if by running 'getent passwd adomainuser' you are getting 
something like this:

DOMAIN\adomainuser:*:3000007:100:Adomain User:/home/DOMAIN/rowland:/bin/bash

Then you must have a line like this in /etc/nsswitch.conf:

passwd: compat winbind

As you have now installed sssd, replace 'winbind' with 'sss' and you 
should get the number you are after.

Rowland

>
> I have /etc/nsswitch.conf set to use 'files sss' for passwd and group.
> 'id <username>' works fine and returns the correct (new) UID.
>
> 'getent -s sss passwd <username>' returns the new UID (that I want to use).
> 'getent -s winbind passwd <username>' returns the old UID (that I don't want).
>
> I've restarted samba, I've run 'net cache flush', I've tried adding
> "-winbind" to the 'server services' line in smb.conf.
>
> Presumably I've got something fundamentally wrong.. but I'm not sure
> what. Can this even be done? I want files created/accessed via Samba
> for my AD users to have the same UID as when the same user logs in via
> ssh or similar (and gets the UID via sssd)...
>
> Cheers,
>
> Jonathan
>
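
An added example, not part of either poster's message: a small shell helper that lists the NSS sources configured for `passwd` and compares the UID each source returns for one user, using the same `getent -s` calls quoted in the thread. The function names are hypothetical, and the source names `sss` and `winbind` are taken from the thread.

```shell
#!/bin/sh
# Added example: check which NSS sources serve a database and whether two
# sources disagree on a user's UID (the mismatch discussed in this thread).

# nss_sources DB [FILE]: print the sources configured for DB (e.g. passwd),
# one per line, skipping comments and [NOTFOUND=return]-style action items.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, ""); inb = 0 }        # strip comments, reset bracket state
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) inb = 1    # action item starts
                if (!inb) print $i
                if ($i ~ /\]$/) inb = 0    # action item ends
            }
        }' "${2:-/etc/nsswitch.conf}"
}

# passwd_uid: read passwd(5)-format lines on stdin, print the UID field.
passwd_uid() { awk -F: 'NF >= 7 { print $3 }'; }

# uid_from_source SOURCE USER: UID one NSS source returns, empty if unknown.
uid_from_source() {
    getent -s "$1" passwd "$2" 2>/dev/null | passwd_uid
}

# compare_uids USER SRC_A SRC_B: 0 if both sources agree, 1 if they differ,
# 2 if either source does not know the user.
compare_uids() {
    a=$(uid_from_source "$2" "$1")
    b=$(uid_from_source "$3" "$1")
    if [ -z "$a" ] || [ -z "$b" ]; then return 2; fi
    [ "$a" = "$b" ]
}

# Usage: sh thisfile <username>
if [ $# -eq 1 ]; then
    echo "passwd sources: $(nss_sources passwd | tr '\n' ' ')"
    for s in sss winbind; do
        echo "$s uid: $(uid_from_source "$s" "$1")"
    done
    compare_uids "$1" sss winbind || echo "UID mismatch or unknown user"
fi
```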


