[Samba] Windows file ownership changed from SID to Unix User
Rowland penny
rpenny at samba.org
Sun Nov 22 13:10:48 UTC 2020
On 22/11/2020 12:50, Gregory Giguashvili via samba wrote:
> After upgrading Samba server from 4.9 to 4.10 version running on RHEL 7.7
> OS, something changed in how Windows clients see the file ownership on the
> exported shares. Instead of SID owners, it now shows "Unix User\username"
> and "Unix group\groupname" users. This works fine in all the cases except
> when Samba share is used for storing Windows user profiles. The workaround
> mentioned in
> https://serverfault.com/questions/515968/house-roaming-profiles-on-realm-trusted-samba-server/517616#517616
> works, but it is to be avoided due to possible security issues.
>
> I should mention that I'm NOT using winbind service. My Samba servers are
> joined to the domain using SSSD. This worked fine with Samba 4.8 and 4.9,
> but stopped working from 4.10 version.
>
No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it
didn't work correctly.
Before Samba 4.8.0, smbd was able to directly contact AD, but this
changed when 4.8.0 was released, smbd must go through winbind and you
cannot run winbind with sssd.
Samba never produced sssd, so little is known about it on this mailing
list, but I suggest you stop using sssd and set up the profiles share
using Windows ACLs.
Rowland
More information about the samba
mailing list