[Samba] SID mapping: Samba and SSSD

Rowland penny rpenny at samba.org
Thu Sep 3 20:41:03 UTC 2020

On 03/09/2020 21:09, Johan Hattne via samba wrote:
> On 2020-09-03 10:43, Rowland penny via samba wrote:
>> On 03/09/2020 18:04, Johan Hattne via samba wrote:
>>> Dear all;
>>> Would anybody be able to tell me what the idmap configuration is to 
>>> have Samba do the same SID-to-user/group mapping as the SSSD 
>>> defaults?  I was convinced I saw it on this list or the wiki not too 
>>> long ago, but I cannot seem to find it.
>>> // Best wishes; Johan
>> If you mean the large numbers that sssd seems to use, then that is 
>> probably not possible with Samba. From my understanding, sssd uses an 
>> algorithm that uses a combination of the domain SID and the 
>> user/group RID to calculate the Unix ID, or it uses the RFC2307 
>> attributes. Samba calculates from the user/group RID + the lower 
>> range you set in smb.conf, or it uses the RFC2307 attributes.
>> Can I ask why you asked?
> This is an inherited environment originally set up with SSSD which I'd 
> like to migrate to winbindd.  If I could find a way to match the 
> UIDs and GIDs, that would save some time.
> I believe that what I see so far matches what Andrew describes: for 
> some UID ranges, SSSD and winbind's autorid agree, for others not.
> From this thread I gather the reason I did not find what I was 
> initially looking for is that I had only imagined its existence. 
> Thanks a lot for all your replies!
> // Cheers; Johan
I sort of thought that was the problem ;-)

What you could do is set up a new fileserver using winbind with the 
same shares etc. and then copy the files across from the sssd machine; 
this should get you the same ownerships etc.
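
The two calculations discussed in this thread, side by side, as an added example that is not part of the original message or of Samba or SSSD code. It lists which accounts would get a different Unix ID after moving from SSSD's algorithmic mapping to winbind's `rid` backend. Assumptions: SSSD's default `ldap_idmap_range_min`/`_max`/`_size` values and murmurhash3 seed, the `idmap_rid` formula ID = RID - base_rid + low, a constructed domain SID, and RIDs that fit in the domain's first SSSD slice.

```python
import struct

# Assumptions: SSSD's default ldap_idmap_range_min/_max/_size and hash seed;
# idmap_rid's documented formula ID = RID - base_rid + low.
SSSD_MIN, SSSD_MAX, SSSD_SIZE = 200_000, 2_000_200_000, 200_000
SSSD_SEED = 0xDEADBEEF
MASK = 0xFFFFFFFF

def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def murmur3_32(data: bytes, seed: int) -> int:
    """MurmurHash3 x86 32-bit, the hash SSSD applies to the domain SID string."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h, full = seed & MASK, len(data) & ~3
    for (k,) in struct.iter_unpack("<I", data[:full]):
        k = (_rotl((k * c1) & MASK, 15) * c2) & MASK
        h = (_rotl(h ^ k, 13) * 5 + 0xE6546B64) & MASK
    if data[full:]:  # 1-3 trailing bytes, read little-endian
        k = int.from_bytes(data[full:], "little")
        h ^= (_rotl((k * c1) & MASK, 15) * c2) & MASK
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK
    return h ^ (h >> 16)

def sssd_slice_start(domain_sid: str) -> int:
    """First ID of the slice the domain SID hashes into."""
    slices = (SSSD_MAX - SSSD_MIN) // SSSD_SIZE
    return SSSD_MIN + (murmur3_32(domain_sid.encode(), SSSD_SEED) % slices) * SSSD_SIZE

def sssd_id(domain_sid: str, rid: int) -> int:
    if not 0 <= rid < SSSD_SIZE:
        raise ValueError("RID falls outside the domain's first slice")
    return sssd_slice_start(domain_sid) + rid

def winbind_rid_id(rid: int, low: int, high: int, base_rid: int = 0) -> int:
    uid = rid - base_rid + low
    if not low <= uid <= high:
        raise ValueError("ID outside the configured idmap range")
    return uid

def mismatches(domain_sid, rids, low, high):
    """RIDs whose Unix ID would change, as {rid: (sssd_id, winbind_id)}."""
    pairs = {r: (sssd_id(domain_sid, r), winbind_rid_id(r, low, high)) for r in rids}
    return {r: p for r, p in pairs.items() if p[0] != p[1]}

if __name__ == "__main__":
    sid = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
    print(mismatches(sid, [500, 513, 1104], low=10_000, high=999_999))
```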

