I have a working AD (Samba) for an office with mostly Linux machines and a
few users on Windows 10.
I'm using sssd to join the AD with the following configuration:

[sssd]
domains = xxxxx
config_file_version = 2
services = nss, pam

[domain/xxxxx]
ad_domain = xxxxxx
krb5_realm = XXXXXXX
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad



We have EMC storage, joined to the AD. Everyone is using it. On Windows
it's being mapped via SMB, and on Linux via NFS.

I'll explain it as simply as I can. If I'm Linux user X and I create a folder
on the storage, then list it to check ownership and permissions, it appears
as it should - with owner X, and group domain users.

Next, I log on to a Windows machine with the same user (X), browse the storage
and create another folder. Then, on a Linux machine, I list it to check
ownership. Now for the owner I'm getting a bizarre generated UID - "1000043", but
the group remains as it should (domain users). Obviously this is a problem,
as it messes up access to files/folders which need to be used between
different operating systems.
Next, from a Linux machine I check the uid for that particular user: *id X*,
and I get the result "1115001239", which is OK. This is the uid as Linux
understands it.
If I copy that uid, then in the AD Users and Computers management tool (in
Windows) I browse to that particular user and manually add the uid to the
shown uidNumber attribute:

[image: ad_attrs.PNG]

Then I clear the SSSD cache with *sss_cache -E*.
The next file/folder I create from Windows is now successfully shown with
the correct owner name in Linux.
This is kind of a solution, but it isn't perfect as it requires a bit of
manual interaction. I'm wondering if it has anything to do with SSSD, or is
it purely up to Samba? Is there a better way to achieve what I want?

Cheers guys
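
The manual step described above (copying the UID reported by *id X* into uidNumber), written as an added example that is not part of the original post: it checks that a UID really is an SSSD algorithmic mapping for the given account before emitting LDIF for it. It assumes SSSD's default ldap_idmap_range_min/max/size values (the posted sssd.conf does not override them); the DN and SID in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example: validate an SSSD-generated UID against the account's SID,
# then emit an LDIF record that sets uidNumber to it.
# Assumption: SSSD default idmap range (ldap_idmap_range_min/max/size).
RANGE_MIN=200000
RANGE_MAX=2000200000
RANGE_SIZE=200000

# Print "slice rid" for an algorithmically mapped UID. Returns 2 for a
# non-numeric value and 1 for a UID outside the idmap range (for example
# a local account such as UID 1000).
idmap_decode() {
    uid=$1
    case $uid in ''|*[!0-9]*) return 2 ;; esac
    [ "$uid" -ge "$RANGE_MIN" ] && [ "$uid" -lt "$RANGE_MAX" ] || return 1
    off=$((uid - RANGE_MIN))
    echo "$((off / RANGE_SIZE)) $((off % RANGE_SIZE))"
}

# True when the RID recovered from the UID equals the last component of the
# account's SID. Valid for the primary slice only (RID below RANGE_SIZE).
uid_matches_sid() {
    decoded=$(idmap_decode "$1") || return 1
    [ "${decoded#* }" = "${2##*-}" ]
}

# Emit an LDIF modify record for one user, or refuse if the UID does not
# belong to that SID. The DN and SID are supplied by the caller.
uidnumber_ldif() {
    dn=$1 uid=$2 sid=$3
    uid_matches_sid "$uid" "$sid" || {
        echo "refusing $dn: UID $uid does not map to SID $sid" >&2
        return 1
    }
    printf 'dn: %s\nchangetype: modify\nreplace: uidNumber\nuidNumber: %s\n\n' \
        "$dn" "$uid"
}

# Usage on a joined Linux host (DN and SID below are constructed samples):
#   uidnumber_ldif "CN=X,CN=Users,DC=example,DC=com" "$(id -u X)" \
#       "S-1-5-21-1111111111-2222222222-3333333333-1239" > x.ldif
```

Review the generated LDIF before applying it to the directory, and run *sss_cache -E* on the clients afterwards, as in the procedure above.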
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org