[Samba] id mapping

Rowland Penny rpenny at samba.org
Wed Sep 22 16:11:36 UTC 2021 

On Wed, 2021-09-22 at 11:00 -0500, Patrick Goetz via samba wrote:
> Hi -
> 
> On 9/20/21 09:51, Ralph Boehme wrote:
> > Am 20.09.21 um 16:42 schrieb Patrick Goetz via samba:
> > > Now it looks like I'm going to have to rethink the entire system 
> > > architecture if I want to upgrade the file server from Ubuntu
> > > 18.04 to 
> > > anything newer?  (Ubuntu 20.04 ships 4.11.6).  This is going to
> > > be a 
> > > problem, as all the files are related to the UIDs and GIDs
> > > generated 
> > > by sssd. I'm not sure that's realistic in a very active research 
> > > environment. The solution is likely going to involve virtualizing
> > > all 
> > > the Windows machines and using IOMMU to provide a PCIe
> > > passthrough for 
> > > whatever GPU's they need for processing.
> > 
> > sorry, tl;dr, at least not fully, but still wanted to mention...
> > 
> > > Any thoughts on this appreciated.
> > 
> > ...you could try to use the idmap sss backend. Unfortunately it's
> > not 
> > included in upstream Samba and therefor not available on Ubuntu.
> > Otho 
> > RHEL Samba ships it, if that helps.
> > 
> > Alternatively you could build Samba packages from source and
> > include the 
> > necessary patches, I have a WIP branch here:
> > 
> > <
> > https://git.samba.org/?p=slow/samba.git;a=shortlog;h=refs/heads/idmap_sss
> > >
> > 
> 
> I'm a bit confused about what this branch does; i.e. if it's just to 
> facilitate the use of idmap_sss, then why are patches needed? Aren't 
> people currently using idmap_sss with Samba, or is that only because 
> Redhat is patching Samba downstream and it doesn't work at all with 
> Ubuntu systems even when sss is installed?

OK, if you read the red hat 8 documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/assembly_using-samba-as-a-server_deploying-different-types-of-servers

It says this:

Important

Red Hat only supports running Samba as a server with the winbindd
service to provide domain users and groups to the local system. Due to
certain limitations, such as missing Windows access control list (ACL)
support and NT LAN Manager (NTLM) fallback, SSSD is not supported. 

Or to put it another way, not even red hat supports using sssd with
Samba.
 
> 
> I've read there's a memory leak in 4.11 anyway, and some people are 
> recommending the source: http://apt.van-belle.nl/
> as an alternative to the distro Samba packages available on
> Debian/Ubuntu.

I can highly recommend Louis's repo.

Rowland

More information about the samba mailing list