[Samba] ACL's and SSSD
jorgito1412 at gmail.com
Thu Sep 4 21:57:24 MDT 2014
I believe that the key here is to use idmap nss configured with the ranges
that sssd assigned to your domain (or setting the default domain in
sssd.conf so it gets the first slice), for example:
# Keep in mind that you NEED to specify the * range
# for the BUILTIN mappings to occur, choose a non-
# overlapping range
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config MYDOMAIN:backend = nss
idmap config MYDOMAIN:range = 200000-399999
You should replace the 200000-399999 range with the slice that sssd
assigned to your domain (by default, its size is 200000). For a cleaner
approach you can set
ldap_idmap_default_domain_sid = YOUR_DOMAIN_SID
And you will get all IDs mapped within the 200000-399999 range.
This way, all attempts to get UIDs within that range will be directed to
sssd via nss.
Hope this helps!
More information about the samba