[Samba] Using samba AD in mixed OS environment
Christian Naumer
cn at brain-biotech.de
Mon Apr 30 12:08:56 UTC 2018
On 29.04.2018 at 12:35, Zdravko Zdravkov via samba wrote:
> [sssd]
>> domains = xxxx
>> config_file_version = 2
>> services = nss, pam
>> [domain/xxxx]
>> ad_domain = xxxx
>> krb5_realm = XXXX
>> realmd_tags = manages-system joined-with-samba
>> cache_credentials = True
>> id_provider = ad
>> krb5_store_password_if_offline = True
>> default_shell = /bin/bash
>> ldap_id_mapping = True
This I think is your problem.
From the manpage:
By default, the AD provider will map UID and GID values from the
objectSID parameter in Active Directory. For details on this, see the
"ID MAPPING" section below. If you want to disable ID mapping and
instead rely on POSIX attributes defined in Active Directory, you should set
ldap_id_mapping = False
>> use_fully_qualified_names = False
>> fallback_homedir = /home/%u
>> access_provider = ad
>
>
>
> *nsswitch.conf* on client (part of it)
>
> passwd: files sss
>> shadow: files sss
>> group: files sss
>
>
>
>
> getent passwd pj (for example) provides this:
>
> pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash
What are the numbers that you are seeing if a user creates a file on
windows? What numbers if any have you configured in the AD for UID and GID?
Regards
Christian
--
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Engineering
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Commercial register: AG Darmstadt, HRB 24758
Management Board: Dr. Juergen Eck (Chairman), Frank Goebel
Chairman of the Supervisory Board: Dr. Ludger Mueller
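
The following is an added example, not part of the original message: it splits the UID and GID from the quoted `getent passwd` line into the slice and RID that SSSD's SID-based ID mapping would have combined. It assumes the SSSD defaults for `ldap_idmap_range_min`, `ldap_idmap_range_max` and `ldap_idmap_range_size`; the function names and the second sample line are constructed for illustration.

```python
# Added example: decompose UID/GID values the way SSSD's algorithmic
# ID mapping builds them (id = range_min + slice * range_size + RID).
# The constants are SSSD's documented ldap_idmap_* defaults (assumption:
# the client does not override them in sssd.conf).
RANGE_MIN = 200000        # ldap_idmap_range_min
RANGE_MAX = 2000200000    # ldap_idmap_range_max
RANGE_SIZE = 200000       # ldap_idmap_range_size

# Well-known domain RIDs, used to recognise the primary group.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}


def decompose(posix_id):
    """Return (slice, rid) if posix_id lies in the mapping range, else None."""
    if not RANGE_MIN <= posix_id < RANGE_MAX:
        return None
    return divmod(posix_id - RANGE_MIN, RANGE_SIZE)


def analyse_passwd_line(line):
    """Classify one `getent passwd` line as SID-mapped or not."""
    name, _pw, uid, gid, *_rest = line.strip().split(":")
    u, g = decompose(int(uid)), decompose(int(gid))
    # A user and its primary group from one domain share the same slice.
    mapped = u is not None and g is not None and u[0] == g[0]
    return {
        "user": name,
        "uid_slice_rid": u,
        "gid_slice_rid": g,
        "primary_group": WELL_KNOWN_RIDS.get(g[1]) if g else None,
        "looks_sid_mapped": mapped,
    }


if __name__ == "__main__":
    samples = [
        # Line quoted in the message above.
        "pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash",
        # Constructed line with small IDs, as POSIX attributes in AD might give.
        "alice:*:10001:10000:constructed:/home/alice:/bin/bash",
    ]
    for s in samples:
        print(analyse_passwd_line(s))
```

IDs that decompose into one slice with a primary-group RID of 513 come from the objectSID mapping, so they will not match uidNumber/gidNumber values set in AD or IDs computed by a differently configured client.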