[Samba] Windows file ownership changed from SID to Unix User

Rowland penny rpenny at samba.org
Sun Nov 22 15:27:52 UTC 2020

On 22/11/2020 14:58, Gregory Giguashvili wrote:
>     There is no one supporting the use of sssd with Samba, not even
>     Red Hat.
> Now that I know what to look for (thank you, Roland!), I found 
> https://access.redhat.com/solutions/3802321 
> <https://access.redhat.com/solutions/3802321> page explaining how to 
> properly bridge between SSSD and winbind.
> In essence,  the following configuration is in place (copy-pasting 
> main parts of the document for the benefit of those who has no RHEL 
> Customer Portal access)
> # yum install realmd oddjob oddjob-mkhomedir sssd adcli samba 
> samba-winbind krb5-workstation
> # realm  join testlab.redhat.com <http://testlab.redhat.com> -U 
> Administrator --client-software=sssd --membership-software=samba
> # systemctl stop sssd ; rm -f /var/lib/sss/db/* ; systemctl start sssd
> // This is the key! Need to replace winbind client RPM by 
> SSSD-winbind-idmap RPM
> # yum remove sssd-libwbclient
> # yum install sssd-winbind-idmap
> /etc/samba/smb.conf - idmap configuration:
> idmap config * : backend = tdb
> idmap config * :  range = 10000-199999
> idmap config TESTLAB : backend = sss
> idmap config TESTLAB : range = 200000-2147483647
> # systemctl enable smb winbind ; systemctl restart smb winbind

That isn't going to work with Samba and shares, you are just getting 

I will counter your (behind a pay wall) red-hat document with this one:


Where it clearly states:


Red Hat only supports running Samba as a server with the |winbindd| 
service to provide domain users and groups to the local system. Due to 
certain limitations, such as missing Windows access control list (ACL) 
support and NT LAN Manager (NTLM) fallback, SSSD is not supported.

'sss' is sssd

I repeat, using sssd with Samba is not supported by Samba and it isn't 
supported by Red-Hat.


More information about the samba mailing list