Samba는 sssd 사용자를 역방향 매핑하지 않습니다.

tag-icon tag-icon samba active-directory kerberos sssd
Samba는 sssd 사용자를 역방향 매핑하지 않습니다.

SSSD 기본 AD 지원을 통해 사용자를 구성했습니다. 그러나 공유에 액세스하려고 하면 "Unix User\"로 매핑됩니다.사용자 이름@필드" 바꾸다"필드\사용자 이름".

내 SSD:

[sssd]
config_file_version = 2
domains = domain.com
services = nss, pam

[nss]

[pam]

[domain/domain.com]
cache_credentials = true
id_provider = ad
auth_provider = ad
access_provider = simple
default_shell = /bin/zsh
fallback_homedir = /home/%d/%u
simple_allow_users = [email protected]
use_fully_qualified_names = true
ldap_id_mapping = true
ldap_schema = ad
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 200000000
ldap_idmap_default_domain = DOMAIN.COM
ignore_group_members = true

내 krb:

[libdefaults]
    default_realm     = DOMAIN.COM
    clockskew         = 300
    ticket_lifetime   = 1d
    forwardable       = true
    proxiable         = true
    dns_lookup_realm  = true
    dns_lookup_kdc    = true
    allow_weak_crypto = true

[realms]
    DOMAIN.COM = {
        default_domain = DOMAIN.COM
        auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/@domain.com/
    }

[domain_realm]
    .kerberos.server = DOMAIN.COM
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM
    domain = DOMAIN.COM

[appdefaults]
    pam = {
        ticket_lifetime         = 1d
        renew_lifetime          = 1d
        forwardable             = true
        proxiable               = false
        retain_after_close      = false
        minimum_uid             = 0
        debug                   = false
    }

[logging]
    default      = FILE:/var/log/krb5libs.log
    kdc          = FILE:/var/log/kdc.log
    admin_server = FILE:/var/log/kadmind.log

내 삼바:

[Global]
  netbios name = HOSTNAME
  workgroup = DOMAIN.COM
  realm = DOMAIN.COM
  server string = %h
  security = ads
  client signing = yes
  client use spnego = yes
  encrypt passwords = yes
  password server = pdc.domain.com
  kerberos method = system keytab
  dedicated keytab file = /etc/krb5.keytab

  idmap config * : backend = tdbsam

  preferred master = no
  dns proxy = no
  wins support = no

  inherit acls = Yes
  map acl inherit = Yes
  acl group control = yes

  load printers = no
  #debug level = 3
  use sendfile = no

  #log level = 10

  strict allocate = yes
  aio read size = 16384
  aio write size = 16384
  aio write behind = true
  socket options = TCP_NODELAY IPTOS_LOWDELAY

답변1

/usr/lib/libwbclient.so.*라이브러리를 으로 지정 해야 합니다 /usr/lib/sssd/modules/libwbclient.so.*. 제대로 처리하기 위해 젠투에 버그 보고서를 보냈습니다.

관련 정보