On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 03/09/2020 21:38, Robert Marcano wrote: > > On 9/3/20 4:35 PM, Rowland penny via samba wrote: > >> On 03/09/2020 21:15, Robert Marcano via samba wrote: > >>> > >>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is > >>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the > >>> algorithm, just delegate to SSSD the mapping > >>> > >> idmap-sss used to be in the Samba tree, but when it is was going to > >> be removed, red-hat took it into their sssd tree. > >> > >> If you are using sssd with Samba >= 4.8.0 it is unsupported by > >> red-hat and Samba. > >> > >> Rowland > >> > >> > >> > > Continue saying you can't run latest Samba release all you wish, it > > doesn't make it truth. I will continue helping the original post. > > I refer you to my other post > > Rowland Penny > > Samba team member >This does make me wonder whether it would be worth adding an optional non-default parameter to idmap_autorid to have it use the sssd slicing algorithm to determine ranges. Sort of like SSSD has an autorid compatibility parameter.
On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote:> On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba < > samba at lists.samba.org> wrote: > > > On 03/09/2020 21:38, Robert Marcano wrote: > > > On 9/3/20 4:35 PM, Rowland penny via samba wrote: > > >> On 03/09/2020 21:15, Robert Marcano via samba wrote: > > >>> > > >>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is > > >>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the > > >>> algorithm, just delegate to SSSD the mapping > > >>> > > >> idmap-sss used to be in the Samba tree, but when it is was going to > > >> be removed, red-hat took it into their sssd tree. > > >> > > >> If you are using sssd with Samba >= 4.8.0 it is unsupported by > > >> red-hat and Samba. > > >> > > >> Rowland > > >> > > >> > > >> > > > Continue saying you can't run latest Samba release all you wish, it > > > doesn't make it truth. I will continue helping the original post. > > > > I refer you to my other post > > > > Rowland Penny > > > > Samba team member > > > > This does make me wonder whether it would be worth adding an optional > non-default parameter to idmap_autorid to have it use the sssd slicing > algorithm to determine ranges. Sort of like SSSD has an autorid > compatibility parameter.Happy to review if you write it :-). Anything that will remove friction moving to/from winbindd/sssd would be good for users !
On 03/09/2020 22:05, Andrew Walker wrote:> This does make me wonder whether it would be worth adding an optional > non-default parameter to idmap_autorid to have it use the sssd slicing > algorithm to determine ranges. Sort of like SSSD has an autorid > compatibility parameter.I thought that autorid used something similar already ? The big problem with anything that doesn't calculate an ID from the RID (idmap_rid) or use a set ID (idmap_ad) is collisions. Rowland
On 03/09/2020 22:08, Jeremy Allison wrote:> On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote: >> On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba < >> samba at lists.samba.org> wrote: >> >>> On 03/09/2020 21:38, Robert Marcano wrote: >>>> On 9/3/20 4:35 PM, Rowland penny via samba wrote: >>>>> On 03/09/2020 21:15, Robert Marcano via samba wrote: >>>>>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is >>>>>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the >>>>>> algorithm, just delegate to SSSD the mapping >>>>>> >>>>> idmap-sss used to be in the Samba tree, but when it is was going to >>>>> be removed, red-hat took it into their sssd tree. >>>>> >>>>> If you are using sssd with Samba >= 4.8.0 it is unsupported by >>>>> red-hat and Samba. >>>>> >>>>> Rowland >>>>> >>>>> >>>>> >>>> Continue saying you can't run latest Samba release all you wish, it >>>> doesn't make it truth. I will continue helping the original post. >>> I refer you to my other post >>> >>> Rowland Penny >>> >>> Samba team member >>> >> This does make me wonder whether it would be worth adding an optional >> non-default parameter to idmap_autorid to have it use the sssd slicing >> algorithm to determine ranges. Sort of like SSSD has an autorid >> compatibility parameter. > Happy to review if you write it :-). Anything that > will remove friction moving to/from winbindd/sssd > would be good for users !And I will be happy to 'NACK' it, we do not need another idmap backend, well not unless it it is a total rewrite to give us something like how RID works on Windows and is the only idmap backend. There would be no friction if everyone would accept that using sssd with Samba is no longer supported by anyone. Red-Hat could make this more obvious by removing sssd-winbind-idmap, their documentation says it use isn't supported. Rowland
On Thu, Sep 3, 2020 at 5:08 PM Jeremy Allison <jra at samba.org> wrote:> On Thu, Sep 03, 2020 at 05:05:46PM -0400, Andrew Walker via samba wrote: > > On Thu, Sep 3, 2020 at 4:45 PM Rowland penny via samba < > > samba at lists.samba.org> wrote: > > > > > On 03/09/2020 21:38, Robert Marcano wrote: > > > > On 9/3/20 4:35 PM, Rowland penny via samba wrote: > > > >> On 03/09/2020 21:15, Robert Marcano via samba wrote: > > > >>> > > > >>> There is an sssd provided idmapper (on RHEL/CentOS/Fedora) it is > > > >>> packaged as sssd-winbind-idmap. IIRC it doesn't reimplement the > > > >>> algorithm, just delegate to SSSD the mapping > > > >>> > > > >> idmap-sss used to be in the Samba tree, but when it is was going to > > > >> be removed, red-hat took it into their sssd tree. > > > >> > > > >> If you are using sssd with Samba >= 4.8.0 it is unsupported by > > > >> red-hat and Samba. > > > >> > > > >> Rowland > > > >> > > > >> > > > >> > > > > Continue saying you can't run latest Samba release all you wish, it > > > > doesn't make it truth. I will continue helping the original post. > > > > > > I refer you to my other post > > > > > > Rowland Penny > > > > > > Samba team member > > > > > > > This does make me wonder whether it would be worth adding an optional > > non-default parameter to idmap_autorid to have it use the sssd slicing > > algorithm to determine ranges. Sort of like SSSD has an autorid > > compatibility parameter. > > Happy to review if you write it :-). Anything that > will remove friction moving to/from winbindd/sssd > would be good for users ! >We can sometimes get into this pickle ourselves integrating into existing environments. Maybe next time I have insomnia I'll throw together something along these lines (unless someone beats me to the punch).