Centos file server: Samba/winbind + NFS permissions

Issues related to applications and software problems
Post Reply
derokk
Posts: 5
Joined: 2022/08/16 17:44:27

Centos file server: Samba/winbind + NFS permissions

Post by derokk » 2022/08/17 11:28:04

Hello everyone,

I have mounted on my Centos 7 server the SSSD and Samba/Winbind services to make share directories on my network. The authentication is done by Active Directory and allows access to directories depending on the membership of security groups (everything works perfectly)

As I have several Linux computers on my network, I would also like to share the same directories but in NFS. Could someone point me to sites that clearly explain how to manage access permissions to a directory shared with NFS? I managed to do my exports (on the server) and do my mounts on a client device but it doesn't recognize the security group membership (it seems).

NFS version 3
Centos version 7.9
Samba version 4.10.16

Best regards,

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Centos file server: Samba/winbind + NFS permissions

Post by tunk » 2022/08/17 15:15:05

No expert, but I think UID and GID are stored on the file system, so I guess
username/UID and groupname/GID have to be identical on all systems.

Edit: And that all users have the same group memberships.

derokk
Posts: 5
Joined: 2022/08/16 17:44:27

Re: Centos file server: Samba/winbind + NFS permissions

Post by derokk » 2022/08/17 15:18:04

My guess was that NFS would use UID/GID from sssd to get their values. Or do I need to "import" all active directory security group (with GID on the file server?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos file server: Samba/winbind + NFS permissions

Post by TrevorH » 2022/08/17 15:36:40

To use NFS you need uids to match exactly between all systems that use it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

derokk
Posts: 5
Joined: 2022/08/16 17:44:27

Re: Centos file server: Samba/winbind + NFS permissions

Post by derokk » 2022/08/17 15:42:57

In active directory all user and security groups have their own uid/gid

I was hoping that NFS would be able to read it like Samba/winbind does.

Does the security group need to be also created locally on the file server?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Centos file server: Samba/winbind + NFS permissions

Post by Whoever » 2022/08/20 16:42:38

TrevorH wrote:
2022/08/17 15:36:40
To use NFS you need uids to match exactly between all systems that use it.

Doesn't idmapd map names so that uids don't have to match?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Centos file server: Samba/winbind + NFS permissions

Post by jlehtone » 2022/08/20 18:16:41

Whoever wrote:
2022/08/20 16:42:38
TrevorH wrote:
2022/08/17 15:36:40
To use NFS you need uids to match exactly between all systems that use it.
Doesn't idmapd map names so that uids don't have to match?
In theory, with NFSv4. However, I'd rather not put that into test if I can avoid it.

derokk
Posts: 5
Joined: 2022/08/16 17:44:27

Re: Centos file server: Samba/winbind + NFS permissions

Post by derokk » 2022/08/22 12:40:52

Maybe it's not possible to achieve what I'm trying to do?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos file server: Samba/winbind + NFS permissions

Post by TrevorH » 2022/08/22 12:58:14

It's possible.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply