Moving from sssd to winbind to allow file sharing in security=ads mode on RHEL6
Issue
I want to enable Samba file sharing with security=ads, but have sssd in the NSS stack. SSSD was configured to use the UNIX attributes provided by Active Directory. I need to move to samba/winbind, but this has the following issue:
Winbind always takes the primary gid from the Primary Group assigned in the MemberOf tab and not the one assigned in the UNIX attributes. For example:
WINBIND:
[root@ldap-testsrv ~]# id kunal
uid=98789(kunal) gid=10002(domain users) groups=10002(domain users),10111(foobar) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@ldap-testsrv ~]# getent passwd kunal
kunal:*:98789:10002:kunal:/home/WIN2K3R2/kunal:/bin/bash
SSSD:
[root@ldap-testsrv ~]# getent passwd kunal
kunal:*:98789:10111:kunal:/home/xyz:/sbin/nologin
[root@ldap-testsrv ~]# id kunal
uid=98789(kunal) gid=10111(foobar) groups=10111(foobar),10002(Domain Users) context=root:system_r:unconfined_t:SystemLow-SystemHigh
SSSD assigns the primary gid according to the UNIX attributes and not according to the Primary Group set in the MemberOf tab in the properties of that user in AD.
Environment
Red Hat Enterprise Linux 6.4
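A check for identity drift when switching NSS backends, added here as an example and not part of the original article: it compares getent passwd snapshots taken under sssd and under winbind and reports changes in uid, primary gid, home directory and shell. The function names and the "login shell gained" note are assumptions of this example; the sample lines are the two getent outputs shown in the Issue section.

```shell
#!/bin/sh
# passwd_drift BEFORE AFTER
# Both files hold passwd-format lines (name:pw:uid:gid:gecos:home:shell),
# e.g. saved `getent passwd <user>` output: BEFORE under sssd, AFTER under winbind.
passwd_drift() {
    awk -F: '
        function nologin(s) { return s ~ /\/(nologin|false)$/ }
        # First file: remember the baseline identity for each user.
        FILENAME == ARGV[1] { uid[$1]=$3; gid[$1]=$4; home[$1]=$6; shell[$1]=$7; next }
        { seen[$1] = 1 }
        !($1 in uid) { print $1 ": only in after-snapshot"; next }
        {
            if ($3 != uid[$1])  print $1 ": uid " uid[$1] " -> " $3
            if ($4 != gid[$1])  print $1 ": primary gid " gid[$1] " -> " $4
            if ($6 != home[$1]) print $1 ": home " home[$1] " -> " $6
            if ($7 != shell[$1]) {
                # Flag accounts that were non-interactive before the switch.
                note = (nologin(shell[$1]) && !nologin($7)) ? " (login shell gained)" : ""
                print $1 ": shell " shell[$1] " -> " $7 note
            }
        }
        END { for (u in uid) if (!(u in seen)) print u ": missing from after-snapshot" }
    ' "$1" "$2"
}

# Sample run on constructed snapshot files holding the article's two getent lines.
run_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'kunal:*:98789:10111:kunal:/home/xyz:/sbin/nologin' > "$d/sssd.passwd"
    printf '%s\n' 'kunal:*:98789:10002:kunal:/home/WIN2K3R2/kunal:/bin/bash' > "$d/winbind.passwd"
    passwd_drift "$d/sssd.passwd" "$d/winbind.passwd"
    rm -rf "$d"
}

run_sample
```

For the user shown above, this reports the primary gid change (10111 to 10002) along with the home directory and shell changes, which matter for file ownership on existing shares and for who can log in interactively.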
