HI all.
I've got working samba AD server. It is playing nicely with Windows 10 and also successfully authenticating Linux machines with SSSD.
On the Windows machines I have our EMC storage smb mounted via group policy. Managing permissions for users and groups there, as you know, happens with right click, security etc..
As you may have already guessed the troubles come when my Linux machines, that access the storage via nfs mount, need to work with folders and files created from the Windows PCs. Linux doesn't "see" the actual user/group that owns given folder. It interprets it into ID numbers starting from 1000.
I'm quite sure that this is common and known issue, but I don't know what is the right way to deal with it, so any wisdom will be helpful.
Here's smb.conf from server
[global]
netbios name = AD
realm = XXXXXX
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = XXXX
idmap config XXXX:unix_nss_info = yes
log file = /var/log/samba/samba.log
log level = 3
[netlogon]
path = /usr/local/samba/var/locks/sysvol/XXXXXX/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
also, sssd.conf from client
[sssd]
domains = xxxx
config_file_version = 2
services = nss, pam
[domain/xxxx]
ad_domain = xxxx
krb5_realm = XXXX
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
and nsswitch.conf
passwd: files sss
shadow: files sss
group: files sss
Will appreciate any wisdom.
Thanks!
Z