[Samba] using spn with winbind
rpenny at samba.org
Sun Jun 18 08:21:32 UTC 2023
On 18/06/2023 08:36, Stefan Kania via samba wrote:
> Hi Rowland,
> so it's different when using winbind insted of sssd ;-) And you can't
> get the same result with "ls -l " using winbind. That's what I also
> tought but as always: There is more between haven and earth.
Didn't look closely enough, sssd appears to be setting the ownership to
the users UPN and what looks like a groups UPN:
$ ls -al /home/domain.tld/user
drwx------ 5 'user at domain.tld' 'domain users at domain.tld' 103 12. Jun
The problems I have with that are:
A) No Unix tool would set ownership like that.
B) No Domain group that I have ever seen has a UPN.
C) Are they actual UPN's or 'made up' ones, in which case, what if the
user has a different UPN ?
Is this standard for sssd ?
Samba has (as I am sure you know) 'winbind use default domain' which can
be set to 'yes', this will remove the 'DOMAIN' from the user & group
names, so you get:
In my opinion (for what its worth), sssd is doing it wrong, if they
permanently set the ownerships with what appear to be UPNs.
More information about the samba