On Thu, 2013-06-06 at 10:25 +0200, steve wrote: > On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote: > > > > > As far as I can tell sssd does not provide a mechanism for the smbd on > > at least 3.5 (the 4.x series might be different but the OP is running > > 3.6) to see an incoming SID and work out the UID. > > It would be pretty useless without. It does the same job as nss-ldapd > and idmap_rid.
Not really, sssd is primarily designed for attaching a Linux/Unix box to a domain and getting a UID/GID, group membership etc. for a username. I can attach my Linux workstation to AD and everything is good, and there is absolutely no need to do anything with a SID. Excepting internally the libsss_ad backend might want to turn a UID into a SID to check on group membership. However there would be no need to expose this outside the backend. You only need to be able to turn a SID into a UID or GID or username if you have a Windows client attaching to your Linux/Unix box wanting file serving. Looking at the Samba 3.x source (specifically 3.6.15) I can find absolutely no reference whatsoever to sssd. I am somewhat at a loss to understand how a smbd process can therefore use sssd to turn a SID into a UID etc. For the OP who is running Debian the sssd packages are not a dependency or even suggested for any of the Samba packages. So given the OP wants consistent UID's on presumably his Samba file server running a 3.6.x variant of Samba how does sssd help? JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
