On Tue, Oct 24, 2017 at 10:01:30AM -0000, rdratlos@yahoo.co.uk wrote:
Dear all,
I would like to use SSSD's dmap_sss backend (1.15.3) for winbindd (Version 4.6.7) to let SSSD map UIDs/GIDs and SIDs on a file server in an samba based AD environment. I've followed the limited instructions of the man page but from the logs it seems that winbindd does directly communicate with the AD server.
The major settings in smb.conf are: [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM security = ads
... winbind use default domain = yes winbind nss info = rfc2307 # Default idmap config for local BUILTIN accounts and groups idmap config * : range = 10000-19999 # idmap config for MYDOMAIN idmap config MYDOMAIN:backend = sss idmap config MYDOMAIN:schema_mode = rfc2307 idmap config MYDOMAIN:range = 500-9999
What's wrong here? Could someone please provide me with a working example?
I think there is nothing wrong. SSSD's idmap plugin just provides the mapping form SID to UID/GID and back. All other data will be read by winbind from AD. This is to make sure that UIDs and GIDs are consistent for Samba components which might ask winbind directly for IDs and other applications which will use the system's nss interfaces.
HTH
bye, Sumit
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org