[Samba] Windows file ownership changed from SID to Unix User

[Rowland penny]

On 22/11/2020 13:51, Gregory Giguashvili wrote:
>
>     No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it
>     didn't work correctly.
>
> Maybe, but it "worked". Can we speculate what change in 4.10.x 
> prompted Samba to export "Unix user\username" type of ownership to 
> Windows clients instead of SID? Is there any option to revert to 
> previous "wrong" behavior as a temporary workaround?

I think it 'might' be this: https://bugzilla.samba.org/show_bug.cgi?id=13813

I cannot say for sure it is that, but it is a very good possibility.

>
>     >Before Samba 4.8.0, smbd was able to directly contact AD, but this
>     >changed when 4.8.0 was released, smbd must go through winbind and
>     you
>     >cannot run winbind with sssd.
>
> I've been using version 4.8.x and 4.9.x with SSSD without noticing any 
> problems. I only encountered the issue with the 4.10.x upgrade of Samba.
It might have seemed to work, but there were probably unseen problems 
under the hood.
>
>     >Samba never produced sssd, so little is known about it on this
>     mailing
>     >list, but I suggest you stop using sssd and set up the profiles
>     share
>     >using Windows ACLs.
>
> I could not find a consistent document describing this setup. There're 
> bits and pieces of it. Can I really replace SSSD completely by winbind 
> if I'm also using it for autofs? Or, I'd be forced to set up two Samba 
> servers: for data/homes (SSSD) and profiles (winbind)?
sssd never worked with NTLM or ACL's, it just basically did ldap, so you 
should be able to get Samba working with autofs.

The information for getting Samba to work correctly as a Unix domain 
member is on the Samba wiki, for anything you do not understand, ask here.

There is no one supporting the use of sssd with Samba, not even Red Hat.

Rowland