[Samba] using spn with winbind

Rowland Penny rpenny at samba.org
Sun Jun 18 08:21:32 UTC 2023

On 18/06/2023 08:36, Stefan Kania via samba wrote:
> Hi Rowland,
> so it's different when using winbind insted of sssd ;-) And you can't 
> get the same result with "ls -l " using winbind. That's what I also 
> tought but as always: There is more between haven and earth.
> Stefan

Hi Stefan
Didn't look closely enough, sssd appears to be setting the ownership to 
the users UPN and what looks like a groups UPN:

$ ls -al /home/domain.tld/user
drwx------ 5 'user at domain.tld' 'domain users at domain.tld'  103 12. Jun 
14:14 .

The problems I have with that are:

A) No Unix tool would set ownership like that.
B) No Domain group that I have ever seen has a UPN.
C) Are they actual UPN's or 'made up' ones, in which case, what if the 
user has a different UPN ?

Is this standard for sssd ?

Samba has (as I am sure you know) 'winbind use default domain' which can 
be set to 'yes', this will remove the 'DOMAIN' from the user & group 
names, so you get:


instead of:


In my opinion (for what its worth), sssd is doing it wrong, if they 
permanently set the ownerships with what appear to be UPNs.


More information about the samba mailing list