[Samba] Windows file ownership changed from SID to Unix User
Gregory Giguashvili
gregory.giguashvili at gmail.com
Sun Nov 22 12:50:29 UTC 2020
After upgrading the Samba server from version 4.9 to 4.10, running on RHEL 7.7,
something changed in how Windows clients see the file ownership on the
exported shares. Instead of SID owners, it now shows "Unix User\username"
and "Unix group\groupname" users. This works fine in all cases except
when the Samba share is used for storing Windows user profiles. The workaround
mentioned in
https://serverfault.com/questions/515968/house-roaming-profiles-on-realm-trusted-samba-server/517616#517616
works, but it is to be avoided due to possible security issues.

I should mention that I'm NOT using the winbind service. My Samba servers are
joined to the domain using SSSD. This worked fine with Samba 4.8 and 4.9,
but stopped working from version 4.10.

I'm attaching my smb.conf file. Any recommendations on how to follow up on
this issue are greatly appreciated.

[global]
security = ADS
workgroup = MYDOM
realm = MYDOM.local
log level = 3
dfree command = /bin/samba-dfree
dfree cache time = 60
# See https://wiki.samba.org/index.php/Idmap_config_ad
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 10000-999999
idmap config MYDOM:unix_nss_info = no
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
# Template settings for login shell and home directory
template shell = /bin/bash
template homedir = /home/shared/%U

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[profiles]
# See https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
comment = Users profiles
path = /roaming/profiles
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
level2 oplocks = No
oplocks = No
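
The following is an added example, not part of the original post and not Samba code: a small checker for the "idmap config" lines quoted above. It reports which idmap domain's range a given Unix ID falls into, flags overlapping ranges, and builds the S-1-22-1-<uid> / S-1-22-2-<gid> SIDs that Windows displays as "Unix User\name" and "Unix Group\name". The function names and the trimmed sample config are assumptions made for illustration.

```python
import re

# Constructed sample: the idmap lines from the smb.conf in the post above.
SMB_CONF = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 10000-999999
"""

# Matches both "idmap config * : range = ..." and "idmap config MYDOM:range = ...".
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    for opts in domains.values():
        if "range" in opts:
            lo, hi = opts["range"].split("-")
            opts["range"] = (int(lo), int(hi))
    return domains

def overlapping_ranges(domains):
    """Adjacent (by start) domain pairs whose ID ranges intersect."""
    items = sorted((o["range"], d) for d, o in domains.items() if "range" in o)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

def domain_for_id(domains, unix_id):
    """Name of the idmap domain whose range contains unix_id, else None."""
    for dom, opts in domains.items():
        lo, hi = opts.get("range", (1, 0))  # empty range if none configured
        if lo <= unix_id <= hi:
            return dom
    return None

def fallback_sid(unix_id, is_group=False):
    """SID shown as 'Unix User\\name' (S-1-22-1) or 'Unix Group\\name' (S-1-22-2)."""
    return f"S-1-22-{2 if is_group else 1}-{unix_id}"
```

Comparing the uid and gid reported by "ls -n" on a profile directory against these ranges shows whether the owner's ID lies inside the MYDOM range at all.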