On Fri, Apr 07, 2017 at 08:42:39PM -0000, smfrench(a)gmail.com wrote:
> The sssd man page notes limited support for Well-Known SIDs "SSSD
> supports to look up the names of Well-Known SIDs, i.e. SIDs with a
> special hardcoded meaning. Since the generic users and groups related
> to those Well-Known SIDs have no equivalent in a Linux/UNIX
> environment no POSIX IDs are available for those objects" - but
> doesn't indicate which ones are supported see
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85...

Thank you for the hint, I agree it would be good to have an easy way to
check which Well-Known SIDs are supported.

> In a typical environment (or does RHEL have an ad script for this
> already) do you do as we have been doing and manually map these to
> posix groups "net groupmap add Administrators ..." and "net groupmap
> add Users ..." and "net groupmap add Guests ..." and "net groupmap
> add Authenticated Users ..." or does sssd with the winbind plugin take
> care of this in a different way?

No, this is currently not handled at all, mainly because I assumed that
winbind will handle this mapping internally before consulting the idmap
plugins and there are no other services which will make use of the
Well-Known SIDs.
Please let me know if this assumption is wrong and winbind expects
that the idmap plugins take care of mapping them to local IDs.
bye,
Sumit