[Samba] SID mapping: Samba and SSSD

Johan Hattne johan at hattne.se
Thu Sep 3 20:09:21 UTC 2020

On 2020-09-03 10:43, Rowland penny via samba wrote:
> On 03/09/2020 18:04, Johan Hattne via samba wrote:
>> Dear all;
>> Would anybody be able to tell me what the idmap configuration is to 
>> have Samba do the same SID-to-user/group mapping as the SSSD 
>> defaults?  I was convinced I saw it on this list or the wiki not too 
>> long ago, but I cannot seem to find it.
>> // Best wishes; Johan
> If you mean the large numbers that sssd seems to use, then that is 
> probably not possible with Samba. From my understanding, sssd uses an 
> algorithm that uses a combination of the domain SID and the user/group 
> RID to calculate the Unix ID, or it uses the RFC2307 attributes. Samba 
> calculates from the user/group RID + the lower range you set in 
> smb.conf, or it uses the RFC2307 attributes.
> Can I ask why you asked ?

This is an inherited environment originally set up with SSSD which I'd 
like to migrate it to winbindd.  If I could find a way to match the UIDs 
and GIDs, that would save some time.

I believe that what I see so far matches what Andrew describes: for some 
UID ranges, SSSD and winbind's autorid agree for others not.

 From this thread I gather the reason I did not find what I was 
initially looking for is that I had only imagined its existence.  Thanks 
a lot for all your replies!

// Cheers; Johan

More information about the samba mailing list