similar to: Samba + sssd deployment: success and failure

So, we have Samba file sharing working on CentOS 7.6 with sssd: [root at cns-srv-lnode2 samba]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root at cns-srv-lnode2 samba]# smbd --version Version 4.8.3 Some smb.conf configuration details: - security = user - an idmap entry is unnecessary - disable netbios = yes works fine - pretty sure nmbd is unnecessary

On 6/12/19 11:10 AM, Rowland penny via samba wrote: > > Why are you using sssd on a standalone server ? > > your users will be in /etc/passwd and the Samba database, I don't think > sssd can talk to the Samba database. > I'm pretty sure what happens when you set [server role = standalone] is that Samba then defers to /etc/nsswitch.conf for how authorization should

On Thursday, 13 June 2019 09:18:25 PDT Goetz, Patrick G via samba wrote: > On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: > > According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known

On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote: > On 13/06/2019 07:55, Alexey A Nikitin wrote: > > On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >>>> I think you mean 'RID' instead of 'SID' > >>> Yes, you're right. The Windows people seem to use the terms synonymously. > >> I cannot

I agree with putting the sssd discussion to bed, but am still interested in clearing up some confusion, as I'm concerned I might be missing something. On 6/12/19 12:44 PM, Rowland penny via samba wrote: > On 12/06/2019 17:43, Goetz, Patrick G via samba wrote: >> On 6/12/19 11:10 AM, Rowland penny via samba wrote: >>> Why are you using sssd on a standalone server ?

On 13/06/2019 17:17, Goetz, Patrick G via samba wrote: > On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: >> According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known SIDs [1]. According to

On 12/06/2019 17:43, Goetz, Patrick G via samba wrote: > On 6/12/19 11:10 AM, Rowland penny via samba wrote: >> Why are you using sssd on a standalone server ? >> >> your users will be in /etc/passwd and the Samba database, I don't think >> sssd can talk to the Samba database. >> > I'm pretty sure what happens when you set [server role = standalone] is

On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: > According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known SIDs [1]. According to the common use in MS tools SID encompasses RID. And even in

Hi, I have a problem to list/access share from Windows client to share hosted on samba domain member server. I followed the instruction from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member step by step but I used sssd instead of winbind for the authentication method. The Linux samba server is an Ubuntu server 16.04 and I successfully added this samba server to a awindows

Thanks Rowland. 'getent passwd mydomainuser' does return the correct (new, sssd) UID e.g. 1514701182 In my /etc/nsswitch.conf I have: passwd: files sss group: files sss The problem is that when I create a file from a client machine into a samba share on this server, e.g. creating the file \\servername\sharename\newfile.txt, this new file is not owned by UID 1514701182, but

Version 4.0.6-GIT-4bebda4 Hi I have sssd up and running. It works fine except that getent only returns domain users if I specify the object e.g. getent passwd and getent group return only local users but getent passwd steve2 steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash and getent group Domain\ Users Domain Users:*:20513: work fine. /etc/nsswitch.conf passwd: compat sss group:

Hi, Some advice, if I may.. I have two Samba4 domain controllers, that I recently switched to using sssd (against these same DCs) for UNIX user authentication - this part works perfectly. However, I am using one of these as a Samba file server also. When I create a file via a SMB share, the UNIX UID the file is owned by is the old 'winbind' UID (e.g. 3000007) rather than the new

Hi! How to get usermod working with SSSD/389DS ? We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command: authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update Running for example "usermod -L username" returns: usermod: user 'username' does not exist in

Have you seen : ( centos/redhat ) https://outsideit.net/realmd-sssd-ad-authentication/ ( debian/ubuntu ) http://www.alandmoore.com/blog/2015/05/06/joining-debian-8-to-active-directory/ but i must say, i havent tested/tried these, i dont use sssd. But i think these are usefull for you to read at least. If you use the debian variant, you may need to install also : One or more of these :

Hi Mark, I've had the same trouble with the DOMAIN\user on my DCs, and as Rowland has already pointed out, the "winbind use default domain = yes" configure option is not honored on a DC. My guess is that is because a Samba DC can only be a DC for one domain, so that is why it isn't honored. If I do "getent passwd username" on my DCs, they all return

I have a large number of CentOS machines (both 6 & 7) getting account information from an LDAP database using SSSD. It all works fine and is fairly reliable. However, I'm having problems with persuading the caching system to forget about users when they are deleted from LDAP. I know about sss_cache with either -E or -U options, but that doesn't delete anything, just invalidates the

Hi I hope that I am not totally wrong when asking this on a Samba list, but as I followed a tutorial found at the SAMBA wiki I hope I can find someone how is able to help me. My goal is to set up a server acting as a SAMBA AD Server with single sign on for linux users. I use a Ubuntu Server 13.10 as the base. On top of this I installed a SAMBA 4.1.2 from GIT, did provisioning, Kerberos

Thanks for the rapid reply! I think the problem was in the server role options I’ve modified it in “server member” and now I’m able to list the shares under \\linuxserver from any domain user authenticated in a Windows pc AD member. But now 1. Execute computer management from a Windows domain member client as a domain admin user (run as com_spoleto\rossetti.admin that is a “domain admins” member

Hi folks, AD server CentOS 7-1804, Samba 4.9.1 compiled from source, only used as AD server, with netlogon and sysvol, just like any Windows AD server AD member server CentOS 7-1804, Samba 4.7.1 installed from CentOS repositories, intended for use as a file server, with shares for roaming profiles, home directories, and data shares. I know that the getent problem has been discussed ad

Mike, If the DC returns "DOMAIN\username", but domain members (correctly?) return just "username", is this a bug in the DC? Is there some reason the DC essentially ignores the "winbind use default domain = yes" and returns DOMAIN\username? It would seem to me that sendmail would not be the only program stumbling on this. --Mark -----Original Message----- >