[Samba] samba4 and sssd and user mapping

Denis Cardon denis.cardon at tranquil-it-systems.fr
Tue Jan 21 01:50:36 MST 2014 

Hi Rownland and Steve,

>> on a server running samba4 with sssd for nsswitch mapping, I realized
>> recently that on windows workstation in the "folder propery/security
>> tab", users are mapped as "Unix user\userlogin" instead of
>> "DOMAINNAME\userlogin".
>>
>> I guess this is due to the fact that sssd mapping with getent passwd
>> gives me user name without domain name (eg. userlogin), and in the
>> samba4 smb.conf I don't know how to specify to use default domain, so
>> it probably maps users to DOMAINNAME\userlogin.
>>
>> Looking at sssd doc, I didn't find how to add domain name in
>> sssd.conf, and in smb.conf, the only related command is "winbind use
>> default domain", and I'd like to use sssd instead of winbind.
>>
>> So I'd like to ask if there is a "use default domain" command for
>> smb.conf without winbind?
>>
>> Cheers,
>>
>> Denis
>>
>>
> Hi, I do not think that this has anything to do with sssd, the problem
> seems to occur only on a windows workstation where sssd is not used. Did
> you create the unix users with samba-tool?
>
> If you did, then this could be where the problem lies, if you create a
> user through ADUC and then add the Unix attributes, ADUC adds the
> following attributes to the user:
>
> msSFU30NisDomain
> msSFU30Name
> uidNumber
> gidNumber
> loginShell
> unixHomeDirectory
> uid
>
> I think that it is the lack of at least the first on the list that is
> giving you your problem.
>
> If you think about it, where is 'Unix user' coming from? I think it is
> something windows uses if it cannot get the 'msSFU30NisDomain' but does
> find 'uidNumber'
>
> Try adding the attributes to one of your users and see if it cures your
> problem.

Indeed this is not linked to sssd per se. I have looked at another setup 
(samba3 + sssd, so not exactly the same stuff) where I set the unix 
attribute throught ADUC and security tab displays properly. I'll look at 
the msSFU30NisDomain in deeper detail by tomorow.

Thanks for the input!

Denis




>
> Rowland
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

More information about the samba mailing list