On Thu, May 30, 2019 at 02:33:28PM -0400, Dav Banks wrote: > Hi There, > > I was wondering if anyone has experience with using sssd for samba > authentication. I’ve gotten sssd working for getent tools but when a user > tries to access a share that they have permissions to via a group they get a > permissions denied error. If I add the user directly to the ACL it works fine. > > I can post more info but was just wondering if this is a known problem or > just something strange with me.
Hi, recent version of Samba requires that winbind must be running as well to allow Samba to communicate with AD for purposes not handled by SSSD. Older versions of Samba's smbd had some fallback code so that winbind was not strictly needed but this code was removed mainly for security reasons. Please check the list archive for config examples. The main idea is to add idmap_sss to the Samba configuration to make sure winbind and SSSD use the same id-mapping, see man idmap_sss for details as well. HTH bye, Sumit > > ------------------------------- > Dav Banks > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
