Update: since CentOS 7.4 the sssd implementation also supports NTLM authentication!
It has been a long journey for sssd 1.15 to be ported to CentOS:
- Issue #2012: [RFE] Support NTLM authentication when GSSAPI NTLM mech is available - sssd - Pagure.io
- 963341 – [RFE] NTLMSSP support in MIT GSSAPI
This means we can now switch to the sssd module, and have fully working ACL management from Windows clients!
With such an enhancement from upstream, I think this workaround is not necessary any more; anyway, thank you again @planet_jeroen for pointing me in the right direction.
To make things work we need a couple of adjustments:
- Set `admin users = "@domain admins"` on shared folders, in smb.conf
- Revert the `alternatives` configuration to the default sssd library
BTW, I found the last sssd update left a dangling link. I think this is a bug to fix.