samba - Nov 2022 - Is idmap backend nss still a thing?

Hello Samba world

Is idmap backend nss still supported/in use for winbind?  My unix rfc2307 user
info is available in a unix LDAP system (currently used by ssh via sssd) so I
could use it whilst we contemplate AD migration

Any issues with winbind/sssd?  Red Hat 7 and 8 domain member servers

Thanks,

Robert Vaughan



----------------------------------------------------------------------
This is an e-mail from General Dynamics Land Systems. It is for the intended
recipient only and may contain confidential and privileged information.  No one
else may read, print, store, copy, forward or act in reliance on it or its
attachments.  If you are not the intended recipient, please return this message
to the sender and delete the message and any attachments from your computer.
Your cooperation is appreciated.

On Wed, 2022-11-30 at 20:01 +0000, Vaughan, Robert J via samba
wrote:
> Hello Samba world
> 
> Is idmap backend nss still supported/in use for winbind?  My unix
> rfc2307 user info is available in a unix LDAP system (currently used
> by ssh via sssd) so I could use it whilst we contemplate AD migration
> 
> Any issues with winbind/sssd?  Red Hat 7 and 8 domain member servers
> 
Expect the usual Samba/sssd warnings to be given, but on your strict
question, yes idmap_nss is still a thing (mostly aimed at users with a
traditional LDAP backend for unix names) and is tested.

Indeed it is likely to be more secure and better behaved then the other
ways we try to fallback to local unix names.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions