[Samba] using spn with winbind
Stefan Kania
stefan at kania-online.de
Sun Jun 18 07:36:00 UTC 2023
Hi Rowland,
so it's different when using winbind instead of sssd ;-) And you can't
get the same result with "ls -l " using winbind. That's what I also
thought but as always: There is more between heaven and earth.
Stefan
On 17.06.23 at 13:23, Rowland Penny via samba wrote:
>
>
> On 16/06/2023 19:49, Stefan Kania via samba wrote:
>> Hi,
>>
>> with sssd I can do:
>> $ ssh user@domain.tld@HOST1
>> $ id user@domain.tld
>> $ ls -al /home/domain.tld/user
>> drwx------ 5 user@domain.tld domain users@domain.tld 103 12. Jun 14:14 .
>> $ grep AllowGroups /etc/ssh/sshd_config
>> AllowGroups lokale_gruppe samba_gruppe@domain.tld
>>
>> When switching to winbind only
>> $ id user@domain.tld
>>
>> is working, any other command is using user\domain
>>
>> $ ls -al /home/domain.tld/brielmj
>> drwxr-x--- 4 DOMAIN\user DOMAIN\domain users 4096 Jun 15 17:10 .
>> $ grep AllowGroups /etc/ssh/sshd_config
>> AllowGroups lokale_gruppe DOMAIN\samba_gruppe
>>
>> Is there a way to use winbind the same way as I can do with sssd?
>>
>> I've never thought about it, but I have a customer who wants to switch
>> from sssd to winbind and I can't find anything.
>>
>
> Hi, Stefan,
>
> I think you have something set up incorrectly, or you are connecting to
> a DC, or something changed after Samba 4.17.8
>
> I can logon using ssh with kerberos to a Unix domain member running on
> bookworm (Samba 4.17.8)
>
> rowland@devstation:~$ ssh rowland@TESTDM12.SAMDOM.EXAMPLE.COM
> Creating directory '/home/rowland'.
> Linux testdm12 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1
> (2023-05-08) x86_64
>
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
>
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
>
> If I run 'id' I get this:
>
> rowland@testdm12:~$ id rowland@samdom.example.com
> uid=11104(rowland) gid=10513(domain users) groups=10513(domain
> users),11104(rowland),10512(domain admins),10572(denied rodc password
> replication
> group),12605(testgroup),3001(BUILTIN\users),3000(BUILTIN\administrators)
>
> and running 'ls' against my home directory gets this:
>
> rowland@testdm12:~$ ls -la /home/rowland
> total 32
> drwxr-xr-x 3 rowland domain users 4096 Jun 17 12:12 .
> drwxr-xr-x 4 root root 4096 Jun 17 12:12 ..
> -rw-r--r-- 1 rowland domain users 220 Jun 17 12:12 .bash_logout
> -rw-r--r-- 1 rowland domain users 3526 Jun 17 12:12 .bashrc
> drwx------ 3 rowland domain users 4096 Jun 17 12:12 .config
> -rw-r--r-- 1 rowland domain users 5290 Jun 17 12:12 .face
> lrwxrwxrwx 1 rowland domain users 5 Jun 17 12:12 .face.icon -> .face
> -rw-r--r-- 1 rowland domain users 807 Jun 17 12:12 .profile
>
> No 'DOMAIN' anywhere.
>
> Rowland
>
>