On May 31, 2019, at 6:46 AM, Sumit Bose <sbose@redhat.com> wrote:

On Thu, May 30, 2019 at 02:33:28PM -0400, Dav Banks wrote:

Hi There,

I was wondering if anyone has experience with using sssd for samba authentication. I’ve gotten sssd working for getent tools but when a user tries to access a share that they have permissions to via a group they get a permissions denied error. If I add the user directly to the ACL it works fine.

I can post more info but was just wondering if this is a known problem or just something strange with me.

Hi,

recent version of Samba requires that winbind must be running as well to
allow Samba to communicate with AD for purposes not handled by SSSD.
Older versions of Samba's smbd had some fallback code so that winbind
was not strictly needed but this code was removed mainly for security
reasons.

Please check the list archive for config examples. The main idea is to
add idmap_sss to the Samba configuration to make sure winbind and SSSD
use the same id-mapping, see man idmap_sss for details as well.

HTH

bye,
Sumit

-------------------------------
Dav Banks

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org