[Samba] SID mapping: Samba and SSSD
Johan Hattne
johan at hattne.se
Thu Sep 3 20:09:21 UTC 2020
On 2020-09-03 10:43, Rowland penny via samba wrote:
> On 03/09/2020 18:04, Johan Hattne via samba wrote:
>> Dear all;
>>
>> Would anybody be able to tell me what the idmap configuration is to
>> have Samba do the same SID-to-user/group mapping as the SSSD
>> defaults? I was convinced I saw it on this list or the wiki not too
>> long ago, but I cannot seem to find it.
>>
>> // Best wishes; Johan
>>
> If you mean the large numbers that sssd seems to use, then that is
> probably not possible with Samba. From my understanding, sssd uses an
> algorithm that uses a combination of the domain SID and the user/group
> RID to calculate the Unix ID, or it uses the RFC2307 attributes. Samba
> calculates from the user/group RID + the lower range you set in
> smb.conf, or it uses the RFC2307 attributes.
>
> Can I ask why you asked ?
This is an inherited environment originally set up with SSSD which I'd
like to migrate it to winbindd. If I could find a way to match the UIDs
and GIDs, that would save some time.
I believe that what I see so far matches what Andrew describes: for some
UID ranges, SSSD and winbind's autorid agree for others not.
From this thread I gather the reason I did not find what I was
initially looking for is that I had only imagined its existence. Thanks
a lot for all your replies!
// Cheers; Johan
More information about the samba
mailing list