On Tue, Mar 12, 2019 at 08:22:37AM -0000, Dave Hope wrote:
> > The plugin is /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
> > from the sssd-common package.
> > 
> > HTH
> 
> Thanks! - I'd not thought to check that location. Having created a symlink to 
> replace the default idmap-plugin, getcifsacls now resolves the SIDs.
> 
> The actual ability to create/delete files still seems to come from the 
> account that mounted the share rather than the user themselves - is that 
> expected? If so, does SSSD support the "multiuser" option without each 
> user/PAM having to provide cifscreds?

If I understand the "multiuser" option correctly it should be possible
to use Kerberos credentials stored during login if sec=krb5 or sec=krb5i
is used. For NTLM there is pam_cifscreds which can be added to the PAM
configuration. You might have to add the 'forward_pass' to pam_sss.so in
the auth section as well to make sure pam_sss will put the password on
the PAM stack for other modules.

HTH

bye,
Sumit

> 
> Thanks
> 
> Dave
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
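
As an added example (not part of the thread, and not code from SSSD or cifs-utils), this checks one PAM service file for the NTLM setup described in the reply above: pam_sss.so with forward_pass ahead of pam_cifscreds.so in the auth section. It assumes pam_cifscreds.so is also listed in the session section and takes the password from the PAM stack; the function names and sample stacks are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads one PAM service file on stdin; "include" lines are not
# followed. Assumption: pam_cifscreds.so is configured in "auth" and "session".
check_cifs_pam() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        { type = $1; sub(/^-/, "", type) }       # "-auth" is still an auth entry
        type == "auth" && /pam_sss\.so/ && ($0 " ") ~ /[ \t]forward_pass[ \t]/ && !fwd {
            fwd = NR                             # first pam_sss line with forward_pass
            sufficient = ($2 == "sufficient")
        }
        type == "auth" && /pam_cifscreds\.so/ && !cifs_auth { cifs_auth = NR }
        type == "session" && /pam_cifscreds\.so/ { cifs_sess = 1 }
        END {
            if (!cifs_auth) {
                print "auth: pam_cifscreds.so not present"; bad = 1
            } else if (!fwd || fwd > cifs_auth) {
                print "auth: no pam_sss.so with forward_pass before pam_cifscreds.so"; bad = 1
            } else if (sufficient) {
                # a successful "sufficient" module ends the stack early
                print "auth: pam_sss.so is sufficient, later modules are skipped"; bad = 1
            }
            if (!cifs_sess) { print "session: pam_cifscreds.so not present"; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }
    '
}

# Constructed sample stacks (not taken from a real system).
sample_good() { cat <<'EOF'
auth     required  pam_env.so
auth     required  pam_sss.so forward_pass
auth     optional  pam_cifscreds.so
account  required  pam_sss.so
session  required  pam_sss.so
session  optional  pam_cifscreds.so
EOF
}
sample_bad() { cat <<'EOF'
# forward_pass missing, and no session entry for pam_cifscreds.so
auth     required  pam_sss.so
auth     optional  pam_cifscreds.so
session  required  pam_sss.so
EOF
}

echo "good stack:"; sample_good | check_cifs_pam
echo "bad stack:";  sample_bad  | check_cifs_pam || true
```
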