[Samba] SID mapping: Samba and SSSD
Andrew Walker
walker.aj325 at gmail.com
Thu Sep 3 23:26:37 UTC 2020
On Thu, Sep 3, 2020 at 5:20 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 03/09/2020 22:08, Jeremy Allison wrote:
> > On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote:
> >> On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba <
> >> samba at lists.samba.org> wrote:
> >>
> >>> On 03/09/2020 21:38, Robert Marcano wrote:
> >>>> On 9/3/20 4:35 PM, Rowland penny via samba wrote:
> >>>>> On 03/09/2020 21:15, Robert Marcano via samba wrote:
> >>>>>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is
> >>>>>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the
> >>>>>> algorithm, just delegate to SSSD the mapping
> >>>>>>
> >>>>> idmap-sss used to be in the Samba tree, but when it is was going to
> >>>>> be removed, red-hat took it into their sssd tree.
> >>>>>
> >>>>> If you are using sssd with Samba >= 4.8.0 it is unsupported by
> >>>>> red-hat and Samba.
> >>>>>
> >>>>> Rowland
> >>>>>
> >>>>>
> >>>>>
> >>>> Continue saying you can't run latest Samba release all you wish, it
> >>>> doesn't make it truth. I will continue helping the original post.
> >>> I refer you to my other post
> >>>
> >>> Rowland Penny
> >>>
> >>> Samba team member
> >>>
> >> This does make me wonder whether it would be worth adding an optional
> >> non-default parameter to idmap_autorid to have it use the sssd slicing
> >> algorithm to determine ranges. Sort of like SSSD has an autorid
> >> compatibility parameter.
> > Happy to review if you write it :-). Anything that
> > will remove friction moving to/from winbindd/sssd
> > would be good for users !
>
> And I will be happy to 'NACK' it, we do not need another idmap backend,
> well not unless it it is a total rewrite to give us something like how
> RID works on Windows and is the only idmap backend.
>
I prefer not to have a proliferation of idmap backends. However, if we can
somehow make it so that a user can add "idmap config * : sssd_compate =
true" and have autorid figure out its extension ranges using an sssd-style
algorithm, that would probably be best.
More information about the samba
mailing list