Hi Sumit, understood. The configuration seems to be correct.
> This is to make sure that UIDs and GIDs are consistent > for Samba components which might ask winbind directly for IDs and other > applications which will use the system's nss interfaces. This is exactly the reason, why I want winbind to use the idmap_sss backend. I have seen that the mapping is cached by at least three caches (windbind: gencache, winbindd_cache; sssd: sss cache). Are there any timeout recommendations for sssd and winbindd caches for the mapping to work properly? Also, is there an easy way to log sss_idmap backend interworking with winbind? I had following wrong entry in the the caches for a long time (with several reboots, restarts of winbind d and sssd): wbind -i rdratlos (from windbindd with sss_idmap) rdratlos:*:10000:10006:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false getent passwd rdratlos (from sssd) rdrat...@mydomain.com:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/bash Only a combination of sss_cache -E net cache flush systemctl restart winbindd seemed to have fixed this to: wbind -i rdratlos (from windbindd with sss_idmap) rdratlos:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false Best regards Thomas _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org