Hello Samba world Is idmap backend nss still supported/in use for winbind? My unix rfc2307 user info is available in a unix LDAP system (currently used by ssh via sssd) so I could use it whilst we contemplate AD migration Any issues with winbind/sssd? Red Hat 7 and 8 domain member servers Thanks, Robert Vaughan ---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.
On Wed, 2022-11-30 at 20:01 +0000, Vaughan, Robert J via samba wrote:> Hello Samba world > > Is idmap backend nss still supported/in use for winbind? My unix > rfc2307 user info is available in a unix LDAP system (currently used > by ssh via sssd) so I could use it whilst we contemplate AD migration > > Any issues with winbind/sssd? Red Hat 7 and 8 domain member servers >Expect the usual Samba/sssd warnings to be given, but on your strict question, yes idmap_nss is still a thing (mostly aimed at users with a traditional LDAP backend for unix names) and is tested. Indeed it is likely to be more secure and better behaved then the other ways we try to fallback to local unix names. Andrew Bartlett -- Andrew Bartlett (he/him) samba.org/~abartlet Samba Team Member (since 2001) samba.org Samba Team Lead, Catalyst IT catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions