System Version: 25.04.1
My goal: Allow AD users in LXC to write to disk mounted to instance based on ACLs defined in TrueNAS host.
Key config:
So, to summarise those screenshots, I have configured AD in TrueNAS. I have built a user in my AD, and given that user rwx permissions to a dataset via the ACL editor in TrueNAS. I have mounted that dataset to my instance (running Debian 12), joined the instance to the domain via realmd, and adjusted the sssd.conf file to map the uid/gids exactly as is configured (by default) in TrueNAS. That is, my pbsbackup@DOMAIN user has the same UID in both TrueNAS and my domain member instance LXC.
Now, when I attempt to map the uid to the instance:
“[EPERM] Users provided by a directory service must be modified through the identity provider (LDAP server or domain controller).”
I’m still a novice when it comes to id mapping, LXCs, and Linux in general, so maybe my approach here isn’t ideal. Firstly, is what I’m trying to do logical, or even possible? If not, what are the recommended steps to achieve what I’m aiming for here? Is there a solution that avoids having to mount SMB/NFS shares into the instance?
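An added diagnostic (example code, not from the original post or from TrueNAS): given the `getfacl -n` output of the dataset on the TrueNAS side and the UID the domain user resolves to inside the instance (`id -u pbsbackup@DOMAIN`), it reports whether that UID has a named-user ACL entry and what the ACL mask leaves of it. It assumes the dataset uses a POSIX ACL; the path /mnt/tank/pbs and the UIDs are constructed placeholders.

```python
# Constructed sample of `getfacl -n /mnt/tank/pbs` on the TrueNAS host
# (numeric ids, so the check does not depend on name resolution).
HOST_ACL = """\
# file: mnt/tank/pbs
# owner: 0
# group: 0
user::rwx
user:3000101:rwx    #effective:r-x
group::r-x
mask::r-x
other::---
"""

def parse_acl(text):
    """Return ({uid: perms} for named-user entries, mask) from getfacl text."""
    users, mask = {}, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()  # drop comments and '#effective:' notes
        if not line:
            continue
        tag, qualifier, perms = line.split(":")[:3]
        if tag == "user" and qualifier:
            users[int(qualifier)] = perms
        elif tag == "mask":
            mask = perms
    return users, mask

def apply_mask(perms, mask):
    """A named-user entry is limited by the mask: a bit is effective only if set in both."""
    if mask is None:
        return perms
    return "".join(p if p == m and p != "-" else "-" for p, m in zip(perms, mask))

def effective_perms(acl_text, container_uid):
    """Effective rwx for the UID the container resolves, or None when no entry
    matches it (what a UID mismatch between sssd and TrueNAS looks like)."""
    users, mask = parse_acl(acl_text)
    if container_uid not in users:
        return None
    return apply_mask(users[container_uid], mask)

def check_mapping(acl_text, container_uid):
    """One-line verdict for the troubleshooting step in the post."""
    perms = effective_perms(acl_text, container_uid)
    if perms is None:
        return f"uid {container_uid}: no ACL entry, check the sssd ID mapping"
    if perms != "rwx":
        return f"uid {container_uid}: entry present but the mask limits it to {perms}"
    return f"uid {container_uid}: effective rwx"
```

Feed it the real `getfacl -n` output and the UID from inside the instance; a None result points at the ID mapping rather than the ACL, while a masked result means the ACL entry matches but the mask is narrowing it.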