Samba 不為 sssd 使用者執行反向映射

August 29, 2016

我已經通過 SSSD 原生 AD 支持配置了使用者。但是，當我嘗試訪問共享時，它被映射為“Unix 使用者*使用者名*@域”而不是“域*使用者名*”。

我的固態硬碟：

[sssd]
config_file_version = 2
domains = domain.com
services = nss, pam

[nss]

[pam]

[domain/domain.com]
cache_credentials = true
id_provider = ad
auth_provider = ad
access_provider = simple
default_shell = /bin/zsh
fallback_homedir = /home/%d/%u
simple_allow_users = user@domain.com
use_fully_qualified_names = true
ldap_id_mapping = true
ldap_schema = ad
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 200000000
ldap_idmap_default_domain = DOMAIN.COM
ignore_group_members = true

我的壁爐：

[libdefaults]
   default_realm     = DOMAIN.COM
   clockskew         = 300
   ticket_lifetime   = 1d
   forwardable       = true
   proxiable         = true
   dns_lookup_realm  = true
   dns_lookup_kdc    = true
   allow_weak_crypto = true

[realms]
   DOMAIN.COM = {
       default_domain = DOMAIN.COM
       auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/@domain.com/
   }

[domain_realm]
   .kerberos.server = DOMAIN.COM
   .domain.com = DOMAIN.COM
   domain.com = DOMAIN.COM
   domain = DOMAIN.COM

[appdefaults]
   pam = {
       ticket_lifetime         = 1d
       renew_lifetime          = 1d
       forwardable             = true
       proxiable               = false
       retain_after_close      = false
       minimum_uid             = 0
       debug                   = false
   }

[logging]
   default      = FILE:/var/log/krb5libs.log
   kdc          = FILE:/var/log/kdc.log
   admin_server = FILE:/var/log/kadmind.log

我的桑巴：

[Global]
 netbios name = HOSTNAME
 workgroup = DOMAIN.COM
 realm = DOMAIN.COM
 server string = %h
 security = ads
 client signing = yes
 client use spnego = yes
 encrypt passwords = yes
 password server = pdc.domain.com
 kerberos method = system keytab
 dedicated keytab file = /etc/krb5.keytab

 idmap config * : backend = tdbsam

 preferred master = no
 dns proxy = no
 wins support = no

 inherit acls = Yes
 map acl inherit = Yes
 acl group control = yes

 load printers = no
 #debug level = 3
 use sendfile = no

 #log level = 10

 strict allocate = yes
 aio read size = 16384
 aio write size = 16384
 aio write behind = true
 socket options = TCP_NODELAY IPTOS_LOWDELAY

我需要將/usr/lib/libwbclient.so.*庫指向/usr/lib/sssd/modules/libwbclient.so.*. 我向 Gentoo 發送了一個錯誤報告以正確處理它。

引用自：https://unix.stackexchange.com/questions/306492

Samba 不為 sssd 使用者執行反向映射

相關問答

Active Directory 中的 Linux：永久使用者

AD 使用者無法訪問 Samba 共享

如何在 CentOS 7 上清除使用者記憶體的 Active Directory 密碼？

nsswitch 如何呼叫 sssd 獲取憑據？

如果針對 Active Directory 進行身份驗證的所有 Linux 伺服器使用相同的密鑰表，我會遇到什麼問題？

加入 Active Directory 域時遇到問題