Thanks to all those who helped me work out the domain membership for file servers in Linux was best performed with Winbind. This problem is now resolved.
I need to use Rocky to serve up an SMB3 share as SMB1 (NT1) so that only specific legacy machines can write to it (firewall rules) using SMB1 but the original file system is the same.
I have managed to create version 1 and 2 and 3 shares and tested.
However when I mount the Windows Share - the mount command overwrites the owner of the folder to root - and then I cannot write only read via the re-share as version1.
So Rocky mounts the SMBv3 share served from Windows - correctly,
It redistributes this share as an NT1 share via Samba - however unlike the native Linux folders as the Windows mount takes place the root of the share’s folder permissions are overwritten.
I have tried samba force user force group and mount -noperm - to no effect.
Can anyone offer any advice - I am sure I’ve done something similar to this before in Debian, however this is a rocky and windows club I’m in :)
This comes up fairly often (whoever thought embedding computers, that you cannot update, in very expensive and long lived machinery, wasn’t the full load).
This is fairly easy to fix (without the mount), you just set ‘server min protocol = NT1’ in the smb.conf file on the Rocky machine, the legacy machine can then connect to it. The Rocky machine's client side of Samba (which defaults to ‘client min protocol = SMB2_02’) can then connect to the rest of the network.
As for mounting a share from the network, this doesn’t really have anything to do with Samba, it is done via cifs-utils, but have you tried the ‘multiuser’ option?
Thanks for your input on this and the Winbind - which is working perfectly.
There seems to be a separate SSSD if you want a user experience - Winbind if you want a file server. Getent is the telling command that you’ve got that right for me.
No I haven’t tried the multiuser option - it feels as if I need to add my Windows user to the wheels and mount as that user - I haven’t seen if I am able to do that. The mnt/windowshare folder has the correct permissions as soon as the CIFS mount takes place either from fstab or mount commands the base folder permissions are overwritten … mmmm…
sssd only does authentication, whilst winbind does authentication and fileserver, if you want the fileserver, then you must run winbind, at which point, there is no point to running sssd as well.
As for multiuser, I suggest you read ‘man mount.cifs’, the only downside to it is, you have to use kerberos, but, as you appear to be in a domain, that shouldn’t be a problem.
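
An added example, not part of any post in this thread: a small Python check for the ‘server min protocol = NT1’ approach suggested above. Because that setting lives in [global], it lists every share that would accept SMB1 from any host. Treating `hosts allow` as the restriction marker, the SMB2_02 server-side default and the sample configuration are assumptions, and `include` files and line continuations are not handled.

```python
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
DEFAULT_MIN = "SMB2_02"  # assumption: default minimum when the parameter is unset
# Constructed sample configuration (addresses and share names are made up).
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    server min protocol = NT1
[legacy]
    path = /srv/legacy
    hosts allow = 192.0.2.10
[projects]
    path = /srv/projects
"""

def norm(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {normalised_parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def audit(text):
    # List the places where this configuration lets SMB1 be negotiated.
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    server_min = glob.get("serverminprotocol", glob.get("minprotocol", DEFAULT_MIN))
    client_min = glob.get("clientminprotocol", DEFAULT_MIN)
    findings = []
    if client_min.upper() in SMB1_DIALECTS:
        findings.append("client may negotiate SMB1 with other servers")
    if server_min.upper() in SMB1_DIALECTS:
        # The server minimum is a [global] setting, so it covers every share.
        for name, params in conf.items():
            scope = {**glob, **params}
            if name != "global" and not scope.keys() & {"hostsallow", "allowhosts"}:
                findings.append(f"share '{name}' accepts SMB1 from any host")
    return findings
```

Running `audit()` on the real smb.conf text before and after lowering the server minimum shows which shares pick up SMB1 exposure as a side effect.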