[Samba] SID mapping: Samba and SSSD

Rowland penny rpenny at samba.org
Thu Sep 3 21:20:09 UTC 2020

On 03/09/2020 22:08, Jeremy Allison wrote:
> On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote:
>> On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba <
>> samba at lists.samba.org> wrote:
>>> On 03/09/2020 21:38, Robert Marcano wrote:
>>>> On 9/3/20 4:35 PM, Rowland penny via samba wrote:
>>>>> On 03/09/2020 21:15, Robert Marcano via samba wrote:
>>>>>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is
>>>>>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the
>>>>>> algorithm, just delegate to SSSD the mapping
>>>>> idmap-sss used to be in the Samba tree, but when it is was going to
>>>>> be removed, red-hat took it into their sssd tree.
>>>>> If you are using sssd with Samba >= 4.8.0 it is unsupported by
>>>>> red-hat and Samba.
>>>>> Rowland
>>>> Continue saying you can't run latest Samba release all you wish, it
>>>> doesn't make it truth. I will continue helping the original post.
>>> I refer you to my other post
>>> Rowland Penny
>>> Samba team member
>> This does make me wonder whether it would be worth adding an optional
>> non-default parameter to idmap_autorid to have it use the sssd slicing
>> algorithm to determine ranges. Sort of like SSSD has an autorid
>> compatibility parameter.
> Happy to review if you write it :-). Anything that
> will remove friction moving to/from winbindd/sssd
> would be good for users !

And I will be happy to 'NACK' it, we do not need another idmap backend, 
well not unless it it is a total rewrite to give us something like how 
RID works on Windows and is the only idmap backend.

There would be no friction if everyone would accept that using sssd with 
Samba is no longer supported by anyone. Red-Hat could make this more 
obvious by removing sssd-winbind-idmap, their documentation says it use 
isn't supported.


More information about the samba mailing list