mapping uids of file owners to SIDs for AD users

Alexander Bokovoy ab at samba.org
Tue Jan 24 20:05:23 UTC 2017


On Tue, 24 Jan 2017, Volker Lendecke wrote:
> On Tue, Jan 24, 2017 at 01:34:21PM -0600, Steve French wrote:
> > I was noticing that (at least with richacl) the ownership information
> > in the ACL is taken from the uid/gid posix ownership information and
> > therefore the owner SID is displayed as "S-1-22-1..." followed by a
> > UID rather than querying the UID->SID mapping for that Active
> > Directory user (the server is joined to the same AD domain as the user
> > on the Windows client who created the file).  The result of this is
> > that the owner from Windows explorer looks like
> > 
> > "Unix user\10000" rather than "user at domain" (as it would for Windows to Windows)
> > 
> > looking at uid_to_sid() in passdb/lookup_sid.c it looks like it only
> > calls out to winbind for this if it doesn't find it in the idmap cache
> > - how would this work for the common case (e.g. in RHEL) where sssd is
> > providing the mapping?
> 
> Maybe use
> 
> idmap config DOMAIN : backend = nss
> 
> if your corporate strategy mandates sssd.
For sssd integration, one can install the sssd-winbind-idmap package and use
 idmap config DOMAIN : backend = sss

This should be available in RHEL 7.3 and Fedora 25 and their
derivatives.
-- 
/ Alexander Bokovoy


