Thanks! ------------------------------- Dav Banks
> On May 31, 2019, at 6:46 AM, Sumit Bose <[email protected]> wrote: > > On Thu, May 30, 2019 at 02:33:28PM -0400, Dav Banks wrote: >> Hi There, >> >> I was wondering if anyone has experience with using sssd for samba >> authentication. I’ve gotten sssd working for getent tools but when a user >> tries to access a share that they have permissions to via a group they get a >> permissions denied error. If I add the user directly to the ACL it works >> fine. >> >> I can post more info but was just wondering if this is a known problem or >> just something strange with me. > > Hi, > > recent version of Samba requires that winbind must be running as well to > allow Samba to communicate with AD for purposes not handled by SSSD. > Older versions of Samba's smbd had some fallback code so that winbind > was not strictly needed but this code was removed mainly for security > reasons. > > Please check the list archive for config examples. The main idea is to > add idmap_sss to the Samba configuration to make sure winbind and SSSD > use the same id-mapping, see man idmap_sss for details as well. > > HTH > > bye, > Sumit > >> >> ------------------------------- >> Dav Banks >> > >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
