I am running a SLES 12sp2 server and using SSSD for AD authentication. I have Samba working, at least I think so but not certain. I can connect to shares but when I try AD groups I am not able to connect using valid users = @‘AD-Group_name’ but I thought I did but just couldn’t add, modify or delete anything in the shared directory but I’ve tried the force user = AD_user force group = AD_group and that just makes things worse. Any good docs on setting up Samba to work with SSSD?
Besides that problem I have a request where the user wants to access the share by using \\sles_server\share\directory\directory is that even possible? I add [share] in the smb.conf and can access the share and have to click into the other directories. I try to make the share in the config as [share\directory\directory] but that doesn’t work. Is there a way to make the share the full path name?
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:
Visit http://www.suse.com/support and search the knowledgebase and/or check all
the other support options available.
If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot…
jkinning,
The development curve for the SSSD integration with samba (CIFS really) is relatively new even in the wild. Essentially we’re really talking about the replacement of the winbind daemon. I believe that the latest versions of the SSSD on Fedora, RHEL and even openSUSE have the binaries to integrate CIFS share access security into the SSSD stack. RHEL being the commercially supportable option obviously. The SLES SSSD stack maintains a more conservative stance in the versioning of the daemon it distributes, but they will get there eventually.
You could run the winbind daemon alongside the SSSD for now to manage the samba/CIFS share access. I’ll begin taking a look at the SP3 beta code to see if the CIFS share integration is there and begin testing it as well.
Andreas,
Some additional information that may help.
To access a SMB share, the system must be able to translate Windows SIDs to Linux POSIX UIDs and GIDs. SSSD clients use the SID-to-ID or SID-to-name algorithm, which enables this ID mapping.
Since SSSD v1.12 CIFS integration is possible using the reworked cifs-utils package and SSSD specific sssd-libwbclient package provided other supporting packages and libraries are present, and on IdM connected RHEL systems they usually are.
On RHEL systems the following packages provide the needed stuff:
cifs-utils
sssd-libwbclient
The sssd-libwbclient package provides the libwbclient.so library. This library is the System Security Services Daemon (SSSD) alternative to the library provided by the libwbclient package used by the Winbind service.
On SLES (as best I can tell to date):
cifs-utils (possibly not the required version)
libwbclient0 (possibly not the required version)
The libwbclient0 package provides the libwbclient.so library on the SLES platform, however it or the other underlying supporting libraries may not provide the required functionality to facilitate CIFS intergration.
Using this info I will test in my lab within the next fortnight and post my results.