cifs_idmap_sss.so as idmap-plugin for smb access
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd |
New
|
Undecided
|
Unassigned |
Bug Description
If no winbind is used as ID/Auth provider the idmap-plugin should not be linked against idmapwb.so.
The manpage for idmapwb.so says:
"This plugin requires that winbindd(8) be properly configured and running."
This is not the case if SSSD instead of winbind is used for authentication in an Active Directory.
RedHat says:
-------
4.2.4. Switching Between SSSD and Winbind for SMB Share Access
This procedure describes how you can switch between SSSD and Winbind plug-ins that are used for accessing SMB shares from SSSD clients.
Optional. Find out whether you are currently using SSSD or Winbind to access SMB shares from the SSSD client:
# alternatives --display cifs-idmap-plugin
cifs-
link currently points to /usr/lib/
/usr/
/usr/
Current `best' version is /usr/lib/
If the SSSD plug-in (cifs_idmap_sss.so) is installed, it has a higher priority than the Winbind plug-in (idmapwb.so) by default.
Before switching to the Winbind plug-in, make sure Winbind is running on the system:
# systemctl is-active winbind.service
active
Before switching to the SSSD plug-in, make sure SSSD is running on the system:
# systemctl is-active sssd.service
active
To switch to a different plug-in, use the alternatives --set cifs-idmap-plugin command, and specify the path to the required plug-in. For example, to switch to Winbind:
# alternatives --set cifs-idmap-plugin /usr/lib/
-------
https:/
-------
Although /usr/lib/
update-
does not list cifs_idmap_sss.so.
The cifs_idmap_sss.so is part of sssd-common /packages. ubuntu. com/bionic/ amd64/sssd- common/ filelist
https:/
I added it with priority of 50 (new default/auto): utils/idmap- plugin idmap-plugin /usr/lib/ x86_64- linux-gnu/ cifs-utils/ cifs_idmap_ sss.so 50 --slave /etc/cifs- utils// idmap-plugin. 8.gz idmap-plugin.8.gz /usr/share/ man/man8/ idmap_sss. 8.gz
$ sudo update-alternatives --install /etc/cifs-
$ sudo update-alternatives --query idmap-plugin utils/idmap- plugin utils// idmap-plugin. 8.gz x86_64- linux-gnu/ cifs-utils/ cifs_idmap_ sss.so x86_64- linux-gnu/ cifs-utils/ cifs_idmap_ sss.so
Name: idmap-plugin
Link: /etc/cifs-
Slaves:
idmap-plugin.8.gz /etc/cifs-
Status: auto
Best: /usr/lib/
Value: /usr/lib/
Alternative: /usr/lib/ x86_64- linux-gnu/ cifs-utils/ cifs_idmap_ sss.so man/man8/ idmap_sss. 8.gz
Priority: 50
Slaves:
idmap-plugin.8.gz /usr/share/
Alternative: /usr/lib/ x86_64- linux-gnu/ cifs-utils/ idmapwb. so man/man8/ idmapwb. 8.gz
Priority: 40
Slaves:
idmap-plugin.8.gz /usr/share/
NB Not sure if the man page should be updated like this - prob. not!