[Samba] SID mapping: Samba and SSSD
Andrew Walker
walker.aj325 at gmail.com
Thu Sep 3 23:22:49 UTC 2020
On Thu, Sep 3, 2020 at 5:08 PM Jeremy Allison <jra at samba.org> wrote:
> On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote:
> > On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On 03/09/2020 21:38, Robert Marcano wrote:
> > > > On 9/3/20 4:35 PM, Rowland penny via samba wrote:
> > > >> On 03/09/2020 21:15, Robert Marcano via samba wrote:
> > > >>>
> > > >>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is
> > > >>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the
> > > >>> algorithm, just delegate to SSSD the mapping
> > > >>>
> > > >> idmap-sss used to be in the Samba tree, but when it is was going to
> > > >> be removed, red-hat took it into their sssd tree.
> > > >>
> > > >> If you are using sssd with Samba >= 4.8.0 it is unsupported by
> > > >> red-hat and Samba.
> > > >>
> > > >> Rowland
> > > >>
> > > >>
> > > >>
> > > > Continue saying you can't run latest Samba release all you wish, it
> > > > doesn't make it truth. I will continue helping the original post.
> > >
> > > I refer you to my other post
> > >
> > > Rowland Penny
> > >
> > > Samba team member
> > >
> >
> > This does make me wonder whether it would be worth adding an optional
> > non-default parameter to idmap_autorid to have it use the sssd slicing
> > algorithm to determine ranges. Sort of like SSSD has an autorid
> > compatibility parameter.
>
> Happy to review if you write it :-). Anything that
> will remove friction moving to/from winbindd/sssd
> would be good for users !
>
We can sometimes get into this pickle ourselves integrating into existing
environments. Maybe next time I have insomnia I'll throw together something
along these lines (unless someone beats me to the punch).
More information about the samba
mailing list