Ricerca

Questo contenuto non è disponibile nella lingua selezionata.

4.2. Using SMB shares with SSSD and Winbind

download PDF
This section describes how you can use SSSD clients to access and fully use shares based on the Server Message Block (SMB) protocol, also known as the Common Internet File System (CIFS) protocol.

Important

Using SSSD as a client in IdM or Active Directory domains has certain limitations, and Red Hat does not recommend using SSSD as ID mapping plug-in for Winbind. For further details, see the What is the support status for Samba file server running on IdM clients or directly enrolled AD clients where SSSD is used as the client daemon article.
SSSD does not support all the services that Winbind provides. For example, SSSD does not support authentication using the NT LAN Manager (NTLM) or NetBIOS name lookup. If you need these services, use Winbind. Note that in Identity Management domains, Kerberos authentication and DNS name lookup are available for the same purposes.

4.2.1. How SSSD Works with SMB

The SMB file-sharing protocol is widely used on Windows machines. In Red Hat Enterprise Linux environments with a trust between Identity Management and Active Directory, SSSD enables seamless use of SMB as if it was a standard Linux file system.
To access a SMB share, the system must be able to translate Windows SIDs to Linux POSIX UIDs and GIDs. SSSD clients use the SID-to-ID or SID-to-name algorithm, which enables this ID mapping.

4.2.2. Switching Between SSSD and Winbind for SMB Share Access

This procedure describes how you can switch between SSSD and Winbind plug-ins that are used for accessing SMB shares from SSSD clients. For Winbind to be able to access SMB shares, you need to have the cifs-utils package installed on your client. To make sure that cifs-utils is installed on your machine:
$ rpm -q cifs-utils
  1. Optional. Find out whether you are currently using SSSD or Winbind to access SMB shares from the SSSD client:
    # alternatives --display cifs-idmap-plugin
    cifs-idmap-plugin - status is auto.
     link currently points to /usr/lib64/cifs-utils/cifs_idmap_sss.so
    /usr/lib64/cifs-utils/cifs_idmap_sss.so - priority 20
    /usr/lib64/cifs-utils/idmapwb.so - priority 10
    Current `best' version is /usr/lib64/cifs-utils/cifs_idmap_sss.so.
    If the SSSD plug-in (cifs_idmap_sss.so) is installed, it has a higher priority than the Winbind plug-in (idmapwb.so) by default.
  2. Before switching to the Winbind plug-in, make sure Winbind is running on the system:
    # systemctl is-active winbind.service
    active
    Before switching to the SSSD plug-in, make sure SSSD is running on the system:
    # systemctl is-active sssd.service
    active
  3. To switch to a different plug-in, use the alternatives --set cifs-idmap-plugin command, and specify the path to the required plug-in. For example, to switch to Winbind:
    # alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/idmapwb.so

Note

The 32-bit version platform, such as i686 in RHEL 7, uses the /usr/lib/cifs-utils/ directory instead of /usr/lib64/cifs-utils/.
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.