HI all.
I've got working samba AD server. It is playing nicely with Windows 10 and
also successfully authenticating Linux machines with SSSD.
On the Windows machines I have our EMC storage smb mounted via group
policy. Managing permissions for users and groups there, as you know,
happens with right click, security etc..
As you may have already guessed the troubles come when my Linux machines,
that access the storage via nfs mount, need to work with folders and files
created from the Windows PCs. Linux doesn't "see" the actual user/group
that owns given folder. It interprets it into ID numbers starting from 1000.
I'm quite sure that this is common and known issue, but I don't know what
is the right way to deal with it, so any wisdom will be helpful.
Here's smb.conf from server
[global]
> netbios name = AD
> realm = XXXXXX
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = XXXX
> idmap config XXXX:unix_nss_info = yes
> log file = /var/log/samba/samba.log
> log level = 3
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/XXXXXX/scripts
> read only = No
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
also, sssd.conf from client
[sssd]
> domains = xxxx
> config_file_version = 2
> services = nss, pam
> [domain/xxxx]
> ad_domain = xxxx
> krb5_realm = XXXX
> realmd_tags = manages-system joined-with-samba
> cache_credentials = True
> id_provider = ad
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = False
> fallback_homedir = /home/%u
> access_provider = ad
and nsswitch.conf
passwd: files sss
> shadow: files sss
> group: files sss
Will appreciate any wisdom.
Thanks!
Z