[Samba] please confirm: sssd not a good idea :)
Uwe Laverenz
uwe at laverenz.de
Mon Jun 10 18:32:05 UTC 2019
Hi Vincent,
Am 10.06.19 um 17:04 schrieb Vincent S. Cojot via samba:
>
> There is probably some amount of redtape on this but AFAIK it works fine
> for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs through
> use of realm '(and thus sssd):
Yes, this worked for me too...as long as I used simple shares with Posix
acls. :)
>
> Here's a RHEL7.6 client:
> # realm list
> ad.lasthome.solace.krynn
> type: kerberos
> realm-name: AD.LASTHOME.SOLACE.KRYNN
> domain-name: ad.lasthome.solace.krynn
> configured: kerberos-member
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common-tools
> login-formats: %U
> login-policy: allow-realm-logins
>
> The AD domain above is two RHEL7.6 VMs with samba 4.10.4 and the rpms
> from there: http://nova.polymtl.ca/~coyote/dist/samba/samba-4.10.4/RHEL7
Please try this to see what I mean:
> # net rpc rights list privileges SeDiskOperatorPrivilege -U "YOURDOMAIN\Administrator"
You won't probably be able to connect to your server. I was following
this page:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
It didn't work until I switched to winbind.
But as Rowland found in RHELs Admin Guide, we have to use winbind anyway.
cu,
Uwe
More information about the samba
mailing list