[Samba] SID mapping: Samba and SSSD

Robert Marcano robert at marcanoonline.com
Thu Sep 3 20:15:57 UTC 2020


On 9/3/20 2:19 PM, Jeremy Allison via samba wrote:
> On Thu, Sep 03, 2020 at 06:43:32PM +0100, Rowland penny via samba wrote:
>> On 03/09/2020 18:04, Johan Hattne via samba wrote:
>>> Dear all;
>>>
>>> Would anybody be able to tell me what the idmap configuration is to have
>>> Samba do the same SID-to-user/group mapping as the SSSD defaults?  I was
>>> convinced I saw it on this list or the wiki not too long ago, but I
>>> cannot seem to find it.
>>>
>>> // Best wishes; Johan
>>>
>> If you mean the large numbers that sssd seems to use, then that is probably
>> not possible with Samba. From my understanding, sssd uses an algorithm that
>> uses a combination of the domain SID and the user/group RID to calculate the
>> Unix ID, or it uses the RFC2307 attributes. Samba calculates from the
>> user/group RID + the lower range you set in smb.conf, or it uses the RFC2307
>> attributes.
> 
> Hmmm. Would it be useful to add an idmap backend
> that uses the same algorithm ?
> 

There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is 
packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the 
algorithm, just delegate to SSSD the mapping



More information about the samba mailing list