id mapping, rfc2307 and real customer environments

Richard Sharpe realrichardsharpe at
Tue May 17 22:06:27 UTC 2016

Hi folks,

We have a customer environment where all the UNIX users are isolated
in a special domain, lets call it UNIX.EXAMPLE.COM. They also have
their Windows users scattered around domains like COAL.EXAMPLE.COM and
GAS.EXAMPLE.COM. Those users who have both UNIX and Windows accounts
have their RFC2307 attributes in UNIX.EXAMPLE.COM and attributes on
their account in their home domain that points to their account in the


This means that during id mapping we would have to extract the
attribute that points to their UNIX.EXAMPLE.COM account from their
home domain, then lookup the uidNumber and whatever for that account
in the UNIX.EXAMPLE.COM account.

Even worse, users who do not have UNIX accounts do not have an entry

It would seem that the rfc2307 id mapping module is not going to be
able to deal with such a setup.

Are there any alternatives or do we have to write our own id mapping module?

Can sssd work for this? Does it integrate well enough with Samba as a
member server?

Richard Sharpe

More information about the samba-technical mailing list