On 16/06/2023 19:49, Stefan Kania via samba wrote:
> Hi,
>
> with sssd I can do:
> $ ssh user@domain.tld@HOST1
> $ id user@domain.tld
> $ ls -al /home/domain.tld/user
> drwx------ 5 user@domain.tld domain users@domain.tld 103 12. Jun 14:14 .
> $ grep AllowGroups /etc/ssh/sshd_config
> AllowGroups lokale_gruppe samba_gruppe@domain.tld
>
> When switching to winbind only
> $ id user@domain.tld
>
> is working; any other command is using user\domain
>
> $ ls -al /home/domain.tld/brielmj
> drwxr-x--- 4 DOMAIN\user DOMAIN\domain users 4096 Jun 15 17:10 .
> $ grep AllowGroups /etc/ssh/sshd_config
> AllowGroups lokale_gruppe DOMAIN\samba_gruppe
>
> Is there a way to use winbind the same way as I can do with sssd?
>
> I've never thought about it, but I have a customer who wants to switch
> from sssd to winbind and I can't find anything.
>
Hi, Stefan,
I think you have something set up incorrectly, or you are connecting to
a DC, or something changed after Samba 4.17.8.
I can log on using ssh with Kerberos to a Unix domain member running on
bookworm (Samba 4.17.8):
rowland@devstation:~$ ssh rowland@TESTDM12.SAMDOM.EXAMPLE.COM
Creating directory '/home/rowland'.
Linux testdm12 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
If I run 'id' I get this:
rowland@testdm12:~$ id rowland@samdom.example.com
uid=11104(rowland) gid=10513(domain users) groups=10513(domain users),11104(rowland),10512(domain admins),10572(denied rodc password replication group),12605(testgroup),3001(BUILTIN\users),3000(BUILTIN\administrators)
and running 'ls' against my home directory gets this:
rowland@testdm12:~$ ls -la /home/rowland
total 32
drwxr-xr-x 3 rowland domain users 4096 Jun 17 12:12 .
drwxr-xr-x 4 root root 4096 Jun 17 12:12 ..
-rw-r--r-- 1 rowland domain users 220 Jun 17 12:12 .bash_logout
-rw-r--r-- 1 rowland domain users 3526 Jun 17 12:12 .bashrc
drwx------ 3 rowland domain users 4096 Jun 17 12:12 .config
-rw-r--r-- 1 rowland domain users 5290 Jun 17 12:12 .face
lrwxrwxrwx 1 rowland domain users 5 Jun 17 12:12 .face.icon -> .face
-rw-r--r-- 1 rowland domain users 807 Jun 17 12:12 .profile
No 'DOMAIN' anywhere.
Rowland