[Samba] samba4 and sssd and user mapping

Sven Schwedas sven.schwedas at tao.at
Tue Jan 21 00:50:43 MST 2014


On 2014-01-20 16:13, Rowland Penny wrote:
> On 20/01/14 10:25, Denis Cardon wrote:
>> Hi everyone,
>>
>> on a server running samba4 with sssd for nsswitch mapping, I realized
>> recently that on windows workstation in the "folder propery/security
>> tab", users are mapped as "Unix user\userlogin" instead of
>> "DOMAINNAME\userlogin".
>>
>> I guess this is due to the fact that sssd mapping with getent passwd
>> gives me user name without domain name (eg. userlogin), and in the
>> samba4 smb.conf I don't know how to specify to use default domain, so
>> it probably maps users to DOMAINNAME\userlogin.
>>
>> Looking at sssd doc, I didn't find how to add domain name in
>> sssd.conf, and in smb.conf, the only related command is "winbind use
>> default domain", and I'd like to use sssd instead of winbind.
>>
>> So I'd like to ask if there is a "use default domain" command for
>> smb.conf without winbind?
>>
>> Cheers,
>>
>> Denis
>>
>>
> Hi, I do not think that this has anything to do with sssd, the problem
> seems to occur only on a windows workstation where sssd is not used. Did
> you create the unix users with samba-tool?
> 
> If you did, then this could be where the problem lies, if you create a
> user through ADUC and then add the Unix attributes, ADUC adds the
> following attributes to the user:
> 
> msSFU30NisDomain
> msSFU30Name
> uidNumber
> gidNumber
> loginShell
> unixHomeDirectory
> uid

As an aside, are the msSFU*-attributes explained somewhere? "It works
like Windows Server" is not really helpful for people who have a pure
Linux environment. :-)

> I think that it is the lack of at least the first on the list that is
> giving you your problem.
> 
> If you think about it, where is 'Unix user' coming from? I think it is
> something windows uses if it cannot get the 'msSFU30NisDomain' but does
> find 'uidNumber'
> 
> Try adding the attributes to one of your users and see if it cures your
> problem.
> 
> Rowland
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140121/013d634b/attachment.pgp>


More information about the samba mailing list