On Fri, Apr 07, 2017 at 08:42:39PM -0000, [email protected] wrote:
> The sssd man page notes limited support for Well-Known SIDs "SSSD
> supports to look up the names of Well-Known SIDs, i.e. SIDs with a
> special hardcoded meaning. Since the generic users and groups related
> to those Well-Known SIDs have no equivalent in a Linux/UNIX
> environment no POSIX IDs are available for those objects" - but
> doesn't indicate which ones are supported see
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx

Thank you for the hint, I agree it would be good to have an easy way to
check which Well-Known SIDs are supported.

>
> In a typical environment (or does RHEL have an ad script for this
> already) do you do as we have been doing and manually map these to
> posix groups "net groupmap add Administrators ..." and "net groupmap
> add Users ..." and "net groupmap add Guests ..." and "net groupmap add
> Authenticated Users ..." or does sssd with the winbind plugin take
> care of this in a different way?

No, this is currently not handled at all, mainly because I assumed that
winbind will handle this mapping internally before consulting the idmap
plugins and there are no other services which will make use of the
Well-Known SIDs. Please let me know if this assumption is wrong and
winbind expects that the idmap plugins take care of mapping them to
local IDs.

bye,
Sumit

> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
