On Tue, Mar 12, 2019 at 08:22:37AM -0000, Dave Hope wrote:
> The plugin is
/usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
> from the sssd-common package.
>
> HTH
Thanks! - I'd not thought to check that location. Having created a symlink to replace
the default idmap-plugin, getcifsacls now resolves the SIDs.
The actual ability to create/delete files still seems to come from the account that
mounted the share rather than the user themselves - is that expected? If so, does SSSD
support the "multiuser" option without each user/PAM having to provide
cifscreds?
If I understand the "multiuser" option correctly it should be possible
to use Kerberos credentials stored during login if sec=krb5 or sec=krb5i
is used. For NTLM there is pam_cifscreds which can be added to the PAM
configuration. You might have to add the 'forward_pass' to pam_sss.so in
the auth section as well to make sure pam_sss will put the password on
the PAM stack for other modules.
HTH
bye,
Sumit
>
> Thanks
>
> Dave
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...