[Samba] working well with sssd

Rowland Penny rpenny at samba.org
Thu Sep 23 09:20:00 UTC 2021

On Thu, 2021-09-23 at 21:04 +1200, Andrew Bartlett wrote:
> On Thu, 2021-09-23 at 10:53 +0200, Ralph Boehme via samba wrote:
> > There is a real need.
> > 
> > -slow
> There is also a real need for us to move past this 'we don't even try
> to work with sssd' thing. That is both in terms of working in the code
> to make this 'just work' as much as can be done, with clear limitations
> specified, and in the practice on the list when queries come up.
>
> sssd has become established in terms of being the AD connector for
> Linux workstations and servers that don't run Samba. We should
> congratulate their team for their achievements. We were in the race,
> but didn't win this time.

Because we didn't try, you have been talking about doing a better
idmapping for the last 10 years that I know of, but that is all it
has been, talk.

> Shockingly we find that Samba isn't always the centre of the universe,
> and sometimes we will need to fit in with the organisational
> arrangements where 'best for Samba' isn't the primary criteria. (Just
> as we exist to help linux systems fit into otherwise windows networks).
>
> I would also really love Samba AD to be an even better server to sssd,
> and while also a code question, moving past this mode of interaction is
> an important step also.
>
> Andrew Bartlett

I do not think we need sssd, we just need to make Samba easier to set
up, something along the lines of a combination of the 'rid' and 'ad'
backends, the 'rid' for idmapping and 'ad' for the rest of the rfc2307
attributes. I cannot write 'C' code so cannot help here.

We either need to swallow sssd into Samba and alter it to our uses or
ignore it.

