[Samba] UID GID mapping with sssd no longer supported on samba 4.7.4?
Russell R Poyner
russell.poyner at wisc.edu
Mon Feb 19 23:11:37 UTC 2018
I'm struggling with a permission problem on a samba server that is
configured to resolve unix uids and gids via nss using sssd. This mostly
works. The windows side sees files as being owned by SID=S-1-22-<unix
uid of user> and the group is SID=S-1-22-<unix gid of group>
This all works fine for files owned by the windows user, or files that
are world readable, but fails for files owned by root, but belonging to
a the user's primary group.
On the linux side:
-rw-rw---- 1 poyner pvt-poyner 0 Feb 19 17:32 poynerFile
drwxrws--- 2 root pvt-poyner 2 Feb 19 19:30 rootPoynerDir
On the windows side using powershell get-acl
Path Owner Access
---- ----- ------
poynerDir O:S-1-22-1-17907 S-1-22-1-17907 Allow FullControl...
get-acl : Attempted to perform an unauthorized operation.
This is very similar to bug 12719 which was closed with advice to use
So is winbindd now the only option for resolving UID and GID?
Is idmap_nss deprecated? Or only supported for unix users in the local
workgroup = ENGR
server string = cbeserv
security = ADS
load printers = no
realm = AD.SCHOOL.EDU
min protocol = SMB2
dns proxy = no
unix extensions = no
nmbd bind explicit broadcast = no
oplocks = yes
level2 oplocks = yes
kernel oplocks = no
passwd: files sss
group: files sss
More information about the samba