Pesquisar
SuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

4.2. Using SMB shares with SSSD and Winbind

download PDF
This section describes how you can use SSSD clients to access and fully use shares based on the Server Message Block (SMB) protocol, also known as the Common Internet File System (CIFS) protocol.

Important

Using SSSD as a client in IdM or Active Directory domains has certain limitations, and Red Hat does not recommend using SSSD as ID mapping plug-in for Winbind. For further details, see the What is the support status for Samba file server running on IdM clients or directly enrolled AD clients where SSSD is used as the client daemon article.
SSSD does not support all the services that Winbind provides. For example, SSSD does not support authentication using the NT LAN Manager (NTLM) or NetBIOS name lookup. If you need these services, use Winbind. Note that in Identity Management domains, Kerberos authentication and DNS name lookup are available for the same purposes.

4.2.1. How SSSD Works with SMB

The SMB file-sharing protocol is widely used on Windows machines. In Red Hat Enterprise Linux environments with a trust between Identity Management and Active Directory, SSSD enables seamless use of SMB as if it was a standard Linux file system.
To access a SMB share, the system must be able to translate Windows SIDs to Linux POSIX UIDs and GIDs. SSSD clients use the SID-to-ID or SID-to-name algorithm, which enables this ID mapping.

4.2.2. Switching Between SSSD and Winbind for SMB Share Access

This procedure describes how you can switch between SSSD and Winbind plug-ins that are used for accessing SMB shares from SSSD clients. For Winbind to be able to access SMB shares, you need to have the cifs-utils package installed on your client. To make sure that cifs-utils is installed on your machine: 
$ rpm -q cifs-utils
  1. Optional. Find out whether you are currently using SSSD or Winbind to access SMB shares from the SSSD client: 
    # alternatives --display cifs-idmap-plugin
cifs-idmap-plugin - status is auto.
 link currently points to /usr/lib64/cifs-utils/cifs_idmap_sss.so
/usr/lib64/cifs-utils/cifs_idmap_sss.so - priority 20
/usr/lib64/cifs-utils/idmapwb.so - priority 10
Current `best' version is /usr/lib64/cifs-utils/cifs_idmap_sss.so.
    If the SSSD plug-in (cifs_idmap_sss.so) is installed, it has a higher priority than the Winbind plug-in (idmapwb.so) by default.
  2. Before switching to the Winbind plug-in, make sure Winbind is running on the system: 
    # systemctl is-active winbind.service
active
    Before switching to the SSSD plug-in, make sure SSSD is running on the system: 
    # systemctl is-active sssd.service
active
  3. To switch to a different plug-in, use the alternatives --set cifs-idmap-plugin command, and specify the path to the required plug-in. For example, to switch to Winbind: 
    # alternatives --set cifs-idmap-plugin /usr/lib64/cifs-utils/idmapwb.so

Note

The 32-bit version platform, such as i686 in RHEL 7, uses the /usr/lib/cifs-utils/ directory instead of /usr/lib64/cifs-utils/.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.