[Samba] Samba4 as DC, idmapping with different backend?

steve steve at steve-ss.com
Sat Jul 19 01:11:50 MDT 2014

On Sat, 2014-07-19 at 03:23 -0300, George wrote:
> > Hi
> > Ok, so why not try the sssd method for sid to idmapping? I know 1.12.0
> > has it and maybe some of the 1.11 series too. In fact I think it's the
> > default, as we had to turn it off for our AD (with rfc2307 in AD):
> >  ldap_id_mapping = False
> Yes, as I mentioned it is enabled and working great. Just that the
> "samba" binary (S4 ADDC) is not able to retrieve idmaps from it...
> Not a major issue for me for the time being, anyway. Nevertheless, I
> am looking forward to the winbind3 to winbind4 merge.
> Best regards,
> George

You do have sss specified for passwd and group in nsswitch.conf, no? We
don't use winbind anywhere in the domain. sssd works on both DCs and
file servers independently of either smbd or samba.

Trying to visualise what you have and just wondering what you can do
with winbind/smbd that you can't do with sssd/samba. It must be to do
with the fact that we do not use an external idmap database. But then
again, in your setup you would be relying on both winbind and sssd to
maintain an external database with the sid to id mappings.
