[Samba] Windows file ownership changed from SID to Unix User

Gregory Giguashvili gregory.giguashvili at gmail.com
Sun Nov 22 13:51:34 UTC 2020

> No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it
> didn't work correctly.
Maybe, but it "worked". Can we speculate what change in 4.10.x prompted
Samba to export "Unix user\username" type of ownership to Windows clients
instead of SID? Is there any option to revert to previous "wrong" behavior
as a temporary workaround?

> Before Samba 4.8.0, smbd was able to directly contact AD, but this
> changed when 4.8.0 was released, smbd must go through winbind and you
> cannot run winbind with sssd.
I've been using version 4.8.x and 4.9.x with SSSD without noticing any
problems. I only encountered the issue with the 4.10.x upgrade of Samba.

> Samba never produced sssd, so little is known about it on this mailing
> list, but I suggest you stop using sssd and set up the profiles share
> using Windows ACLs.
I could not find a consistent document describing this setup. There are bits
and pieces of it. Can I really replace SSSD completely by winbind if I'm
also using it for autofs? Or would I be forced to set up two Samba servers:
one for data/homes (SSSD) and one for profiles (winbind)?

[sssd]
domains = MYDOM.local
config_file_version = 2
services = nss, pam, autofs

[domain/MYDOM.local]
# debug_level = 4
ad_domain = ec-eps.local
krb5_realm = MYDOM.LOCAL
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/shared/%u
access_provider = ad
dns_resolver_timeout = 30
ad_maximum_machine_account_password_age = 0
autofs_provider = ad
