[Samba] Windows file ownership changed from SID to Unix User

Rowland penny rpenny at samba.org
Sun Nov 22 13:10:48 UTC 2020


On 22/11/2020 12:50, Gregory Giguashvili via samba wrote:
> After upgrading Samba server from 4.9 to 4.10 version running on RHEL 7.7
> OS, something changed in how Windows clients see the file ownership on the
> exported shares. Instead of SID owners, it now shows "Unix User\username"
> and "Unix group\groupname" users. This works fine in all the cases except
> when Samba share is used for storing Windows user profiles. The workaround
> mentioned in
> https://serverfault.com/questions/515968/house-roaming-profiles-on-realm-trusted-samba-server/517616#517616
> works, but it is to be avoided due to possible security issues.
>
> I should mention that I'm NOT using winbind service. My Samba servers are
> joined to the domain using SSSD. This worked fine with Samba 4.8 and 4.9,
> but stopped working from 4.10 version.
>
No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it 
didn't work correctly.

Before Samba 4.8.0, smbd was able to directly contact AD, but this 
changed when 4.8.0 was released, smbd must go through winbind and you 
cannot run winbind with sssd.

Samba never produced sssd, so little is known about it on this mailing 
list, but I suggest you stop using sssd and set up the profiles share 
using Windows ACLs.

Rowland





More information about the samba mailing list