[Samba] Map sids to Unix UID and GID

John Drescher drescherjm at gmail.com
Tue Feb 3 15:38:12 GMT 2009

>> Do you have idmap configured?
> Thanks for getting back.   It looks like it is working now.  I had idmap
> turned on and using tbd.  All local accounts and groups on the system are
> managed via nss_ldap and a non-Windows directory.   I turned on winbindd but
> did not configure it in nsswitch.conf for nss_ldap, so I could get SID to
> name mapping, but it did not resolve SID to uid. I also do domain name to
> local name mapping using "username map script:".
> I found a note talking about the "nss" backend. I used "idmap backend = nss"
> in the configuration file and that seems to do the job.  I can now use any
> group that is listed in "getent group" and "getent passwd" and when I do a
> getfacl I see the proper acls on the file.
> It took me a while to find a reference to "idmap backend = nss".   Is this a
> well known backend?   Is there any information describing what it does and
> how it does it?

All I can say is I use that (nss backend) in a Samba PDC domain (no
ADS) with Linux and Windows, and it fixed the problem that you describe. I
believe I found this via a Google search, but I did not find good
documentation on that.


