[Samba] id mapping

Rowland Penny rpenny at samba.org
Thu Sep 23 08:55:41 UTC 2021

On Thu, 2021-09-23 at 10:10 +0200, cn--- via samba wrote:
> Am 23.09.21 um 09:57 schrieb Rowland Penny via samba:
> > There appears to be two camps in red hat, one accepts that you
> > shouldn't use sssd with Samba >=4.8.0 , the other will not accept
> > this.
> > Also if you do use sssd with Samba, there are numerous problems,
> > one of
> > which is that RHEL 8 no longer has libpam-krb5
> I have to chime in here. I have said this before you can use sssd
> with 
> Samba and Winbind. The Howtos are behind a paywall (well you don't
> have 
> to pay just register) at RedHat.
> With idmap_sss
> https://access.redhat.com/solutions/3802321
> And here without idmap_sss
> https://access.redhat.com/solutions/4290501
> In the later case Auth is done by windbind. How this works without 
> pam_krb I do not know but it works for us.

There you go, the left hand says you cannot use sssd with Samba and the
right hand says you can, but no matter, that is red hat. Samba does not
produce SSSD, so Samba cannot support it. By support, I mean fix errors
in its code and advise users how to it, this is red hat's job.


More information about the samba mailing list