On Tue, Oct 24, 2017 at 10:01:30AM -0000, [email protected] wrote: > Dear all, > > I would like to use SSSD's dmap_sss backend (1.15.3) for winbindd (Version > 4.6.7) to let SSSD map UIDs/GIDs and SIDs on a file server in an samba based > AD environment. I've followed the limited instructions of the man page but > from the logs it seems that winbindd does directly communicate with the AD > server. > > The major settings in smb.conf are: > [global] > workgroup = MYDOMAIN > realm = MYDOMAIN.COM > security = ads > > ... > > winbind use default domain = yes > winbind nss info = rfc2307 > # Default idmap config for local BUILTIN accounts and groups > idmap config * : range = 10000-19999 > # idmap config for MYDOMAIN > idmap config MYDOMAIN:backend = sss > idmap config MYDOMAIN:schema_mode = rfc2307 > idmap config MYDOMAIN:range = 500-9999 > > > What's wrong here? Could someone please provide me with a working example?
I think there is nothing wrong. SSSD's idmap plugin just provides the mapping form SID to UID/GID and back. All other data will be read by winbind from AD. This is to make sure that UIDs and GIDs are consistent for Samba components which might ask winbind directly for IDs and other applications which will use the system's nss interfaces. HTH bye, Sumit > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
