[Samba] Samba AD domain member with SSSD: ACL not work

Dario Lesca d.lesca at solinos.it
Tue Feb 14 17:07:33 UTC 2017


On Tue, 14/02/2017 at 16.13 +0000, Rowland Penny via samba
wrote:
> Have you modified /etc/nsswitch.conf ?
No:
> passwd:     files sss
> shadow:     files sss
> group:      files sss

By default, nsswitch.conf is configured to use sssd.

> If you haven't, then you are not using winbind, you are using sssd. 
Yes, I use sssd, if this is not a problem for samba.

> In which case you should remove the 'idmap config' lines from
> smb.conf.

Ok, now I have removed these 4 lines, restarted smb and tested: ACLs still
do not work.

> feb 14 17:45:24 samba-dati.srl.local nmbd[3338]:   *****
> feb 14 17:45:24 samba-dati.srl.local nmbd[3338]:   
> feb 14 17:45:24 samba-dati.srl.local nmbd[3338]:   Samba name server SAMBA-DATI is now a local master browser for workgroup SRL on subnet 192.168.1.5
> feb 14 17:45:24 samba-dati.srl.local nmbd[3338]:   
> feb 14 17:45:24 samba-dati.srl.local nmbd[3338]:   *****
> feb 14 17:45:44 samba-dati.srl.local smbd[3369]: [2017/02/14 17:45:44.973268,  0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)
> feb 14 17:45:44 samba-dati.srl.local smbd[3369]:   create_canon_ace_lists: unable to map SID S-1-5-21-347198863-3916504048-2821235790-1213 to uid or gid.

The error still exists.

> You should also try asking on the sssd users mailing list for help,
> because if you are not using winbind for authentication, this is
> probably where your problem lies.

Ok, but my question now is: is it possible to use samba in conjunction
with sssd?

Or is this kind of configuration not allowed, or not fully tested or
supported by the samba team?

> If you want use winbind instead of sssd, you will need to turn sssd
> off.

Ok, this is another possible solution, if I am not able to
configure samba + sssd.


Many Thanks


-- 
Dario Lesca
(sent from my Linux Fedora 25 Workstation)
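
The mismatch pointed out in the quoted reply (nsswitch.conf resolving users through sss while smb.conf still carries 'idmap config' lines), written as a small check. This is an added example, not part of the original message or of Samba's tooling; the function names and the smb.conf fragment are constructed for illustration, and the nsswitch lines are the ones quoted in the message.

```python
import re

# nsswitch lines as quoted in the message.
SAMPLE_NSSWITCH = """\
passwd:     files sss
shadow:     files sss
group:      files sss
"""

# Constructed smb.conf fragment (assumption: the message does not show its idmap lines).
SAMPLE_SMB_CONF = """\
[global]
    workgroup = SRL
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999
    idmap config SRL : backend = rid
    idmap config SRL : range = 20000-99999
"""

def nss_sources(nsswitch_text, database):
    """Return the ordered lookup sources for one nsswitch database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            rest = line.split(":", 1)[1]
            # Drop action items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def idmap_lines(smb_conf_text):
    """Return the active (uncommented) 'idmap config' lines of smb.conf."""
    active = (l.strip() for l in smb_conf_text.splitlines())
    return [l for l in active
            if not l.startswith(("#", ";"))
            and re.match(r"idmap\s+config\s+", l, re.I)]

def check(nsswitch_text, smb_conf_text):
    """Flag databases not served by winbind while idmap config lines exist."""
    idmap = idmap_lines(smb_conf_text)
    findings = []
    for db in ("passwd", "group"):
        sources = nss_sources(nsswitch_text, db)
        if idmap and "winbind" not in sources:
            findings.append(f"{db}: sources {sources} lack winbind, but smb.conf "
                            f"has {len(idmap)} 'idmap config' line(s)")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_NSSWITCH, SAMPLE_SMB_CONF):
        print(finding)
```
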


