On Thu, 2021-09-23 at 10:19 +0200, Ralph Boehme wrote:> Am 23.09.21 um 09:57 schrieb Rowland Penny via samba: > > Using sssd isn't supported by Samba because Samba doesn't produce > > it > > and, as I have shown previously, not even red hat supports its use > > with Samba. > > Samba also doesn't produce libc or the kernel, still we consume those > system components and generally get some sane behaviour out of the > combined system. > > For some scenarious supporting sss in nsswitch.conf is certainly > possible with a few caveats by using idmap_nss or preferrable > idmap_sss. > > -slowWhat you are saying is very possible, but, from my understanding, by using idmap-sss you only get authentication, something you can get by running winbind with idmap-rid. You can also get authentication by just using sssd without Samba, so what is the actual point of idmap-sss ? 'idmap-sss' is not in the Samba tree and shouldn't be in the Samba tree. It is where it belongs, in the sssd tree, because it is a part of sssd. Also dragging libc and the kernel into this is, in my opinion, an act of desperation, you know that there is no real need for idmap-sss. Rowland
Am 23.09.21 um 10:44 schrieb Rowland Penny via samba:> What you are saying is very possible, but, from my understanding, by > using idmap-sss you only get authentication,no. You get idmappings from sssd. This has nothing to do with authentication.> something you can get by running winbind with idmap-rid.no.> You can also get authentication by just using sssd without Samba, so > what is the actual point of idmap-sss ?idmapping.> 'idmap-sss' is not in the Samba tree and shouldn't be in the Samba > tree.It should and I guess it will at some point if I find the time to drive this integration.> It is where it belongs, in the sssd tree, because it is a part > of sssd. Also dragging libc and the kernel into this is, in my > opinion, an act of desperation, you know that there is no real need > for idmap-sss.There is a real need. -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/team-samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210923/1386c8bf/OpenPGP_signature.sig>