[Samba] sssd on a DC

Jonathan Hunter jmhunter1 at gmail.com
Mon May 11 11:19:15 MDT 2015


On 10 May 2015 at 16:11, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
> OK, I've got a little further and I think I have tracked this down to
> a reverse DNS issue - which was non-obvious to me, so here is a
> write-up for the benefit of the archives.

Just to close this off - I have now got sssd configured and working on
my Samba4 DCs (well, if I'm being picky, I have it on two out of three
so far - the third is still to come, as I'll need to chown/chgrp
thousands of files when I do that one).

On these two separate machines (which were not ones I copied across
idmap.ldb on (not that I'm using winbind now)), with a random test
user (created some months ago, and which I have not used or tried to
enumerate before), I get the following (sanitised) with sssd
configured on each machine:

[root@dc1 private]# id testuser
uid=1528401182(testuser) gid=1528400513(domain users) groups=1528400513(domain users),1528402109(abc-test-ssh),1528402118(abc-test2-ssh),1528402646(users)

and

[root@dc2 ~]# id testuser
uid=1528401182(testuser) gid=1528400513(domain users) groups=1528400513(domain users),1528402109(abc-test-ssh),1528402118(abc-test2-ssh)

I have to say, I'm not sure where the 'users' group has gone to on dc2
(or possibly where it comes from on dc1; these two machines are
different builds actually) but I'm happy enough that the UIDs and GIDs
are now identical across these two machines.

In case anyone needs it, my sssd.conf is very simple. I'm using the
standard sssd that comes with CentOS 6.6 (which is 1.11.6). Conf file
is:

[sssd]
config_file_version = 2
domains = domain.tld
services = nss, pam

[domain/domain.tld]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_id_mapping = True
ldap_schema = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein
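
Added example, not part of the original post: a Python check that parses the two `id` outputs above, compares them across hosts, and splits each ID into sssd's mapping slice and the RID. It assumes sssd's default ldap_idmap_range_min and ldap_idmap_range_size (200000 each), which the posted sssd.conf does not override; the function names are this example's own.

```python
import re

# Assumption: sssd's default ldap_idmap_range_min and ldap_idmap_range_size,
# since the sssd.conf in the post sets neither.
RANGE_MIN = 200000
RANGE_SIZE = 200000

# `id` output from the post, with the mail line wrapping undone.
DC1 = ("uid=1528401182(testuser) gid=1528400513(domain users) "
       "groups=1528400513(domain users),1528402109(abc-test-ssh),"
       "1528402118(abc-test2-ssh),1528402646(users)")
DC2 = ("uid=1528401182(testuser) gid=1528400513(domain users) "
       "groups=1528400513(domain users),1528402109(abc-test-ssh),"
       "1528402118(abc-test2-ssh)")

def parse_id(line):
    """Parse `id` output; names may contain spaces, so match key=... runs."""
    fields = {}
    for key, value in re.findall(r"(\w+)=((?:\d+\([^)]*\),?)+)", line):
        fields[key] = [(int(n), name)
                       for n, name in re.findall(r"(\d+)\(([^)]*)\)", value)]
    return {"uid": fields["uid"][0], "gid": fields["gid"][0],
            "groups": dict(fields["groups"])}

def split_id(unix_id):
    """Return (slice index, RID) for an algorithmically mapped ID."""
    return divmod(unix_id - RANGE_MIN, RANGE_SIZE)

def compare(a, b):
    """Report whether two hosts agree on a user's uid, gid and group set."""
    return {
        "uid_match": a["uid"] == b["uid"],
        "gid_match": a["gid"] == b["gid"],
        "only_a": {g: n for g, n in a["groups"].items() if g not in b["groups"]},
        "only_b": {g: n for g, n in b["groups"].items() if g not in a["groups"]},
    }

if __name__ == "__main__":
    dc1, dc2 = parse_id(DC1), parse_id(DC2)
    print(compare(dc1, dc2))
    for unix_id, name in [dc1["uid"], dc1["gid"], *dc1["groups"].items()]:
        print(name, unix_id, "slice=%d rid=%d" % split_id(unix_id))
```

Under those defaults every ID in the post falls in slice 7641 with the RID as the remainder (513 is the well-known Domain Users RID), so the mapping depends only on the SID and not on per-host state such as idmap.ldb. The comparison also isolates the one difference between the hosts, the extra 'users' group on dc1.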

