Hello,

We want to switch from winbind to sssd. We have been using winbind for many years and have a configuration that does not seem to be compatible with sssd, at least I have not been able to find one.

We use several Windows Active Directory servers. When we started using winbind, there were relatively few Linux hosts. Most of our clients and servers had a Windows operating system. We decided to go with rid backends at that time. It works very well.

Here are the settings from /etc/samba/smb.conf:

# UID & GID Mapping with RID
idmap config DOMAIN1:backend = rid
idmap config DOMAIN1:range = 100000-349999
idmap config DOMAIN:base_rid = 0
idmap config DOMAIN2:backend = rid
idmap config DOMAIN2:range = 350000-599999
idmap config DOMAIN2:base_rid = 0
idmap config *:backend = tdb
idmap config *:range = 600000-849999

Now we would like to obtain the IDs of the users and groups in order to have a very low impact on the productive systems. We have found the appropriate setting for our primary domain (DOMAIN1). However, we have not yet found a way to implement this for our trusted domain (DOMAIN2).

Here are the settings from /etc/sssd/sssd.conf:

[sssd]
domains = example1.com
default_domain_suffix = example1.com
config_file_version = 2
services = nss, pam

[domain/example1.com]
access_provider = ad
id_provider = ad
krb5_realm = EXAMPLE1.COM
krb5_store_password_if_offline = True
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/.krb5cc_%U
full_name_format = %1$s
default_shell = /bin/bash
cache_credentials = True
realmd_tags = manages-system joined-with-adcli
fallback_homedir = /home/DOMAIN1/%u
override_homedir = /home/DOMAIN1/%u
ad_domain = example1.com
use_fully_qualified_names = True
ldap_id_mapping = True
ldap_schema = ad
ldap_idmap_default_domain = example1.com
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 349999

I hope you have a solution for me.

Regards
Ralf
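To check that a migrated host returns the same IDs as winbind did, the rid backend's arithmetic (ID = RID - base_rid + low end of the range, as documented in idmap_rid(8)) can be computed straight from the smb.conf lines in the post and compared with what the new host reports. This is an added example, not part of the original post; the domain SIDs, the sample RIDs and the helper names are constructed placeholders.

```python
import re

# idmap lines exactly as posted, including the stray "DOMAIN:base_rid" entry.
SMB_CONF = """\
idmap config DOMAIN1:backend = rid
idmap config DOMAIN1:range = 100000-349999
idmap config DOMAIN:base_rid = 0
idmap config DOMAIN2:backend = rid
idmap config DOMAIN2:range = 350000-599999
idmap config DOMAIN2:base_rid = 0
idmap config *:backend = tdb
idmap config *:range = 600000-849999
"""

# Constructed placeholder domain SIDs; substitute the real ones from AD.
DOMAIN_SIDS = {
    "DOMAIN1": "S-1-5-21-1111111111-2222222222-3333333333",
    "DOMAIN2": "S-1-5-21-4444444444-5555555555-6666666666",
}

def parse_idmap(text):
    """Return {domain: {option: value}} from 'idmap config DOM:opt = val' lines."""
    conf = {}
    pattern = r"^[ \t]*idmap config[ \t]+(\S+?)[ \t]*:[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$"
    for m in re.finditer(pattern, text, re.M):
        conf.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return conf

def rid_backend_id(sid, conf, domain_sids=DOMAIN_SIDS):
    """Unix ID the rid backend assigns to an object SID, or None if unmapped."""
    dom_sid, _, rid = sid.rpartition("-")
    for name, known_sid in domain_sids.items():
        opts = conf.get(name, {})
        if known_sid != dom_sid or opts.get("backend") != "rid" or "range" not in opts:
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        unix_id = int(rid) - int(opts.get("base_rid", 0)) + low  # idmap_rid(8)
        return unix_id if low <= unix_id <= high else None  # beyond range: no mapping
    return None

def mismatches(observed, conf):
    """observed: {sid: id seen on the migrated host}. Returns (sid, winbind_id, seen)."""
    return [(sid, rid_backend_id(sid, conf), seen)
            for sid, seen in observed.items() if rid_backend_id(sid, conf) != seen]
```

Feed `mismatches` the SID-to-ID pairs collected on a test host after migration; an empty list means file ownership on the productive systems will still resolve to the same accounts.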
