search for: auto_private_group

SSSD has auto_private_groups setting which effectively automatically creates a private user group when getting users from AD that either don't have gidNumber set for them or have gidNumber set to be the same as uidNumber. Is there any option in Winbind that could help achieve a similar result? Say, I have a user 'alex...

Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ Original message------From: Rowland penny via sambaDate: Fri, Feb 28, 2020 2:04 AMTo: samba at lists.samba.org;Cc: Subject:Re: [Samba] auto_private_groups analogue?On 28/02/2020 00:00, Christopher Cox via samba wrote: > Maybe a workaround?? We use winbind and default domain.? Therefore > there are two records from getent if there's a local user with the > same name (and different uid).? However, I just did a test creating a > loca...

On 28/02/2020 13:24, chriscox--- via samba wrote: > Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ Original message------From: Rowland penny via sambaDate: Fri, Feb 28, 2020 2:04 AMTo: samba at lists.samba.org;Cc: Subject:Re: [Samba] auto_private_groups analogue?On 28/02/2020 00:00, Christopher Cox via samba wrote: >> Maybe a workaround?? We use winbind and default domain.? Therefore >> there are two records from getent if there's a local user with the >> same name (and different uid).? However, I just did a test creating a...

...ote: > On 28/02/2020 13:24, chriscox--- via samba wrote: >> Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ >> Original message------From: Rowland penny via sambaDate: Fri, Feb 28, 2020 >> 2:04 AMTo: samba at lists.samba.org;Cc: Subject:Re: [Samba] auto_private_groups >> analogue?On 28/02/2020 00:00, Christopher Cox via samba wrote: >>> Maybe a workaround?? We use winbind and default domain.? Therefore >>> there are two records from getent if there's a local user with the >>> same name (and different uid).? However, I just...

On 2/28/20 11:29 AM, Rowland penny via samba wrote: > On 28/02/2020 17:18, Christopher Cox via samba wrote: >> What I'm offering is a solution. >> >> Again, what I proposed is a functional workaround.? It's actually pretty >> natural and obvious when you get right down to it. >> > No it isn't. If you try to add a local user to a domain joined Unix

Hi, we have some Samba shares joined a existing Windows AD. Everything works well with complex user rights. But the problem ist that when a user creates a new file the standard windows group (domain-user) is also applied as a permission to the file. This breaks all the security because all users have now full acess to this file. (because all users are in the domain-user group) All parent

...g data to all domain members. This is an option that could help winbind users if implemented. I remember mentioning it here previously but never created a RFE bug, I didn't get any response so I forgot, my mistake, I should have created it. [1] https://docs.pagure.org/SSSD.sssd/design_pages/auto_private_groups.html > > You do not need either sssd or realmd, just about the only thing that > sssd can do that winbind cannot do, is cache sudo rules, I think you > will find that if you need cached sudo rules, you have much bigger > problems. As for realmd, a bit of bash and 'net ads j...

Hello Rowland, We’ve been using SSSD with Acitve Directory for a few years now… It’s been solid for us. Our Linux clients use the AD-Kerberos via SSSD for secure NFS4 mounts with POSIX attributes defined in AD (uidNumber, gidNumber, unixHomeDirectory, loginShell). Before putting into production, I tested using Winbind and could not get it to do what I wanted. If I remember correctly, I had