[Samba] using spn with winbind
Rowland Penny
rpenny at samba.org
Sun Jun 18 08:21:32 UTC 2023
On 18/06/2023 08:36, Stefan Kania via samba wrote:
> Hi Rowland,
>
> so it's different when using winbind insted of sssd ;-) And you can't
> get the same result with "ls -l " using winbind. That's what I also
> tought but as always: There is more between haven and earth.
>
> Stefan
Hi Stefan
Didn't look closely enough, sssd appears to be setting the ownership to
the users UPN and what looks like a groups UPN:
$ ls -al /home/domain.tld/user
drwx------ 5 'user at domain.tld' 'domain users at domain.tld' 103 12. Jun
14:14 .
The problems I have with that are:
A) No Unix tool would set ownership like that.
B) No Domain group that I have ever seen has a UPN.
C) Are they actual UPN's or 'made up' ones, in which case, what if the
user has a different UPN ?
Is this standard for sssd ?
Samba has (as I am sure you know) 'winbind use default domain' which can
be set to 'yes', this will remove the 'DOMAIN' from the user & group
names, so you get:
rowland
instead of:
SAMDOM\rowland
In my opinion (for what its worth), sssd is doing it wrong, if they
permanently set the ownerships with what appear to be UPNs.
Rowland
More information about the samba
mailing list