[Samba] SID mapping: Samba and SSSD

Rowland penny rpenny at samba.org
Thu Sep 3 19:15:19 UTC 2020

On 03/09/2020 20:01, Andrew Walker wrote:
> Whoops, fumbled my response a bit. slice size by default is 200,000, 
> and to clarify the SID passed into murmur3() is the domain SID, not 
> SID of individual user. Though, manpage for sssd-ad should be 
> consulted for precise details. My understanding though is as long as 
> everything fits in one slice, then you can just use RID. If you have 
> multiple slices, you're stuck with non-deterministic behavior from 
> SSSD and so can continue to use RID in winbind config. Although, I'm 
> happy for someone to prove me wrong (which is the way things usually 
> happen when you open your mouth). :)

I don't think this is going to work, from my understanding sssd 
calculates the Unix ID from the SID and the result may not be 
deterministic and there is is certainly no way that you could reproduce 
this with the winbind 'rid' backend.

Can we please forget that sssd exists ? It doesn't work with Samba any 
more (even red-hat admits that).


More information about the samba mailing list