On Mon, Apr 29, 2019 at 01:07:14AM -0000, Bob Smith wrote:
Hi,
On Windows Server 2008 R2 Enterprise, Profiles path is \\fs\profiles\rprofile
On Centos Version 7, Samba Version 4.7.1 and ROLE_DOMAIN_MEMBER
I'm getting Event ID 1521 on Windows 10 PC and roaming profile is not working.
I was told the roaming profile works with winbind, but I'm using sssd. My issue is
that Domain Admins is unknown to the Unix OS. Does roaming profile work with sssd?
Hi,
SSSD is not aware of roaming profiles. You have to run winbind in
parallel to SSSD to support this use case (with more recent versions of
Samba it is even required to run winbind on domain members in all
cases).
To make sure that winbind will use the same ID mapping as SSSD you have
to remove the sssd-libwbclient (if installed), install the
sssd-winbind-idmap package add something like
idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
to smb.conf to tell winbind to use SSSD for ID mapping (see man
idmap_sss for details). After this changes you can start winbind.
Please note it is sufficient that winbind is running, there is no need
to modify any other configuration like e.g. nsswitch.conf or the PAM
configuration. Winbind is only needed so that Samba can communicate with
the AD DCs.
HTH
bye,
Sumit
>
> Thanks!
> B.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...