[Samba] id mapping

Rowland Penny rpenny at samba.org
Thu Sep 23 08:44:01 UTC 2021

On Thu, 2021-09-23 at 10:19 +0200, Ralph Boehme wrote:
> Am 23.09.21 um 09:57 schrieb Rowland Penny via samba:
> > Using sssd isn't supported by Samba because Samba doesn't produce
> > it
> > and, as I have shown previously, not even red hat supports its use
> > with Samba.
> Samba also doesn't produce libc or the kernel, still we consume those
> system components and generally get some sane behaviour out of the
> combined system.
> For some scenarious supporting sss in nsswitch.conf is certainly
> possible with a few caveats by using idmap_nss or preferrable
> idmap_sss.
> -slow

What you are saying is very possible, but, from my understanding, by
using idmap-sss you only get authentication, something you can get by
running winbind with idmap-rid. You can also get authentication by just
using sssd without Samba, so what is the actual point of idmap-sss ?

'idmap-sss' is not in the Samba tree and shouldn't be in the Samba
tree. It is where it belongs, in the sssd tree, because it is a part of
sssd. Also dragging libc and the kernel into this is, in my opinion, an
act of desperation, you know that there is no real need for idmap-sss.


More information about the samba mailing list