You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1323771
Created attachment 1143388
smb.conf file
Description of problem:
This may not be a bug or may not be a bug it just maybe that I don't understand
the configuration I need to make "sssd-libwbclient" work. Maybe the bug would
then be lack of documentation?
It's my understanding that if using SSSD joined machine to AD you should have
to use Winbind anymore but can use sssd-libwbclient to do SID<->UID mapping.
All I should have to do is run:
# alternatives --set libwbclient.so.0.12-64
/usr/lib64/sssd/modules/libwbclient.so.0.12.0
Verify with
# alternatives --display libwbclient.so.0.12-64
libwbclient.so.0.12-64 - status is manual.
link currently points to /usr/lib64/sssd/modules/libwbclient.so.0.12.0
Then you don't need anything specifically in smb.conf for mapping or do you
still need to specify winbind options?
I have attached my smb.conf.
When I go to the properties of a directory in the test share on this machine
from Windows and select the security tab, I just see the SID's and not the
names of the domain users. Though these SID's seem to be valid entries for the
directory.
Also if I add permission entries from Windows it works when I add new entries
by name using domain accounts. These successfully add and the permissions get
added correctly to the directory but if I reopen the dialog, these new entries
are just SID's as well as the existing ones.
Version-Release number of selected component (if applicable):
sssd-libwbclient-1.13.3-6.fc23.x86_64
sssd-1.13.3-6.fc23.x86_64
How reproducible:
Everytime
Steps to Reproduce:
1. Have an AD joined SSSD machine.
2. Switch Samba to use ssd-libwbclient for SID mapping by running
alternatives --set libwbclient.so.0.12-64
/usr/lib64/sssd/modules/libwbclient.so.0.12.0
3. Browse to a share and select properties and the security tab
Actual results:
Displays items as SIDs
Expected results:
Should translate these SIDs to Domain Users and Groups
Additional info:
||When I go to the properties of a directory in the test share on this machine from Windows and select the ||security tab, I just see the SID's and not the names of the domain users.
I cannot repro it, I only see AD users. I see 'amit@gsslab.pnq.redhat.com' not SID. # ls -ld /share/
drwxrwxrwx 3 amit@gsslab.pnq.redhat.com domain users@gsslab.pnq.redhat.com 18 Apr 9 12:52 /share/ #
sssd-1.15.2-50.el7_4.11.x86_64
sssd-libwbclient-1.15.2-50.el7_4.11.x86_64
# alternatives --set libwbclient.so.0.13-64 /usr/lib64/sssd/modules/libwbclient.so.0.13.0 # alternatives --display libwbclient.so.0.13-64
libwbclient.so.0.13-64 - status is manual.
link currently points to /usr/lib64/sssd/modules/libwbclient.so.0.13.0
/usr/lib64/samba/wbclient/libwbclient.so.0.13 - priority 10
/usr/lib64/sssd/modules/libwbclient.so.0.13.0 - priority 20
Current `best' version is /usr/lib64/sssd/modules/libwbclient.so.0.13.0.
@amitkumar25nov, you have to check the permissions on the Windows client not on the Linux file-system. Additionally you have to make sure that "use_fully_qualified_names = False" is used to reproduce the issue from https://bugzilla.redhat.com/show_bug.cgi?id=1323771.
The proper solution here is quite complex because SSSD must return more information than needed for the plain nss calls like getpwnam(), namely the short user name and the fully-qualified and the short domain name. To perform well the memory mapped cache must be aware of the additional data as well. I've send an initial patch set some months ago but especially the memory mapped cache related part needs more work.
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3221
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1323771
Comments
Comment from jhrozek at 2016-10-21 11:23:09
Patches for this ticket are welcome.
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD Patches welcome
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2016-11-23 11:51:26
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1397749 (Red Hat Enterprise Linux 7)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1323771 1323771] => [https://bugzilla.redhat.com/show_bug.cgi?id=1323771 1323771], [https://bugzilla.redhat.com/show_bug.cgi?id=1397749 1397749]
Comment from lslebodn at 2017-02-24 14:27:38
Metadata Update from @lslebodn:
Comment from amitkumar25nov at 2018-04-09 08:39:16
||When I go to the properties of a directory in the test share on this machine from Windows and select the ||security tab, I just see the SID's and not the names of the domain users.
I cannot repro it, I only see AD users. I see 'amit@gsslab.pnq.redhat.com' not SID.
# ls -ld /share/
drwxrwxrwx 3 amit@gsslab.pnq.redhat.com domain users@gsslab.pnq.redhat.com 18 Apr 9 12:52 /share/
#
sssd-1.15.2-50.el7_4.11.x86_64
sssd-libwbclient-1.15.2-50.el7_4.11.x86_64
# alternatives --set libwbclient.so.0.13-64 /usr/lib64/sssd/modules/libwbclient.so.0.13.0
# alternatives --display libwbclient.so.0.13-64
libwbclient.so.0.13-64 - status is manual.
link currently points to /usr/lib64/sssd/modules/libwbclient.so.0.13.0
/usr/lib64/samba/wbclient/libwbclient.so.0.13 - priority 10
/usr/lib64/sssd/modules/libwbclient.so.0.13.0 - priority 20
Current `best' version is /usr/lib64/sssd/modules/libwbclient.so.0.13.0.
Comment from sbose at 2018-04-10 09:13:21
@amitkumar25nov, you have to check the permissions on the Windows client not on the Linux file-system. Additionally you have to make sure that "use_fully_qualified_names = False" is used to reproduce the issue from https://bugzilla.redhat.com/show_bug.cgi?id=1323771.
The proper solution here is quite complex because SSSD must return more information than needed for the plain nss calls like getpwnam(), namely the short user name and the fully-qualified and the short domain name. To perform well the memory mapped cache must be aware of the additional data as well. I've send an initial patch set some months ago but especially the memory mapped cache related part needs more work.
Comment from sbose at 2018-04-10 09:13:22
Metadata Update from @sbose:
Comment from pbrezina at 2020-03-24 14:16:12
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Comment from pbrezina at 2020-03-24 14:16:14
Metadata Update from @pbrezina:
The text was updated successfully, but these errors were encountered: