On 30/10/2020 11:06, Ralph Boehme via samba wrote:> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >> Can I configure winbind to use 'local' users and groups from NSS? > there's idmap_nss that may work for you. > > -slowAlready mentioned that, problem is it is an allocating backend, unless I am reading the manpage wrong. Rowland
Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba:> On 30/10/2020 11:06, Ralph Boehme via samba wrote: >> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >>> Can I configure winbind to use 'local' users and groups from NSS? >> there's idmap_nss that may work for you. >> >> -slow > > Already mentioned that, problem is it is an allocating backend, unless I > am reading the manpage wrong.ah, missed that. :) idmap_nss is not an allocating backend, I guess the manpage text might be a bit misleading. -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201030/55c5a928/signature.sig>
On 30/10/2020 11:20, Ralph Boehme wrote:> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba: >> On 30/10/2020 11:06, Ralph Boehme via samba wrote: >>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >>>> Can I configure winbind to use 'local' users and groups from NSS? >>> there's idmap_nss that may work for you. >>> >>> -slow >> Already mentioned that, problem is it is an allocating backend, unless I >> am reading the manpage wrong. > ah, missed that. :) > > idmap_nss is not an allocating backend, I guess the manpage text might > be a bit misleading. > > -slow >A bit ? 'while using allocation to create new mappings' I have never used this backend, but what you are saying is that it will use the SID from AD? and map this to a Unix user or group. For the OP this would probably entail creating Unix users & groups with the uidNumber or gidNumbers from LDAP. If this is the case, you might just as well add these *idNumbers to AD and use the winbind 'ad' backend. Rowland