4.2. Using SMB shares with SSSD and Winbind
4.2.1. How SSSD Works with SMB
4.2.2. Determining Whether to Use SSSD or Winbind for SMB Shares
- Identity Management clients use SSSD by default to map Active Directory users to UNIX users. Using Winbind for the SMB ID mapping instead of SSSD can result in inconsistent mapping.
- In environments with direct Active Directory integration where the clients use SSSD for general Active Directory user mappings, using Winbind for the SMB ID mapping instead of SSSD can result in inconsistent mapping.
4.2.3. Accessing SMB Shares from SSSD Clients
alternativesutility. The utility displays the currently used library. In the following example, the system uses the SSSD library:
# alternatives --list | grep -E cifs\|libwbclientcifs-idmap-plugin auto /usr/lib64/cifs-utils/cifs_idmap_sss.so libwbclient.so.0.11-64 auto /usr/lib64/sssd/modules/libwbclient.so.0.11.0
4.2.4. Switching Between SSSD and Winbind for SMB Share Access
$ rpm -q cifs-utils
- Optional. Find out whether you are currently using SSSD or Winbind to access SMB shares from the SSSD client:
# alternatives --display cifs-idmap-plugincifs-idmap-plugin - status is auto. link currently points to /usr/lib/cifs-utils/cifs_idmap_sss.so /usr/lib/cifs-utils/cifs_idmap_sss.so - priority 20 /usr/lib/cifs-utils/idmapwb.so - priority 10 Current `best' version is /usr/lib/cifs-utils/cifs_idmap_sss.so.If the SSSD plug-in (
cifs_idmap_sss.so) is installed, it has a higher priority than the Winbind plug-in (
idmapwb.so) by default.
- Before switching to the Winbind plug-in, make sure Winbind is running on the system:
# systemctl is-active winbind.serviceactiveBefore switching to the SSSD plug-in, make sure SSSD is running on the system:
# systemctl is-active sssd.serviceactive
- To switch to a different plug-in, use the
alternatives --set cifs-idmap-plugincommand, and specify the path to the required plug-in. For example, to switch to Winbind:
# alternatives --set cifs-idmap-plugin /usr/lib/cifs-utils/idmapwb.so