On Mon, Mar 11, 2019 at 06:26:34PM -0000, Dave Hope wrote:
Good day,
I am trying to use SSSD with cifsacls for an CIFS mount on Debian Buster with SSSD 1.16.
The system I'm testing with is joined to an AD domain. I can log-in with domain
credentials and check domain users with "id" or "getent passed" etc.
A CIFS share is mounted as follows, with /usr/local/etc/whisper.credentials containing an
account in the local SAM database on REMOTESERVER.
mount -t cifs //REMOTESERVER/SHARE /mnt/test -o
credentials=/usr/local/etc/whisper.credentials,noperm,cifsacl -v
getcifsacl returns the SID's, but does not resolve to names.
My assumption is therefore that cifs.idmap is not making use of the SSSD functionality.
libwbclient.so is installed
(/usr/lib/x86_64-linux-gnu/sssd/modules/libwbclient.so.0.14.0) and has exports such as
wbcLookupName. I can't spot an elf library with calls such as cifs_idmap_init_plugin.
/etc/request-key.conf has:
create cifs.spnego * * /usr/sbin/cifs.upcall -c %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
Debian's update-alternatives lists ipmap-plugin, but does not provide any
alternatives to idmapwb.so provided by cifs-utils.
The plugin is /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
from the sssd-common package.
HTH
bye,
Sumit
>
> sssd is configured with id_provider = ad , ldap_id_mappinng = True ,
use_fully_qualified_names = True
>
> winbind / samba is not installed.
>
> Would someone mind providing guidance on how best to proceed in troubleshooting the
issue?
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...