Hi Sumit,
understood. The configuration seems to be correct.
This is to make sure that UIDs and GIDs are consistent
for Samba components which might ask winbind directly for IDs and other
applications which will use the system's nss interfaces.
This is exactly the reason why I want winbind to use the idmap_sss backend.
I have seen that the mapping is cached by at least three caches (winbind: gencache,
winbindd_cache; sssd: sss cache). Are there any timeout recommendations for sssd and
winbindd caches for the mapping to work properly?
Also, is there an easy way to log sss_idmap backend interworking with winbind?
I had the following wrong entry in the caches for a long time (with several reboots,
restarts of winbindd and sssd):
wbinfo -i rdratlos (from winbindd with sss_idmap)
rdratlos:*:10000:10006:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false
getent passwd rdratlos (from sssd)
rdratlos@mydomain.com:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/bash
Only a combination of
sss_cache -E
net cache flush
systemctl restart winbindd
seemed to have fixed this to:
wbinfo -i rdratlos (from winbindd with sss_idmap)
rdratlos:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false
Best regards
Thomas
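
Added example, not part of the original message: a small shell check that compares the UID/GID winbind reports for a user with what NSS (sssd) reports, so a stale mapping like the one above is detected instead of being noticed by accident. The function names are hypothetical; the two demo lines are the outputs quoted in the message.

```shell
#!/bin/sh
# Added example: detect winbind vs. NSS (sssd) UID/GID disagreement for one user.

# passwd_ids LINE: print "uid:gid" (fields 3 and 4) of a passwd-format line.
passwd_ids() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 { print $3 ":" $4 }'
}

# compare_ids WINBIND_LINE NSS_LINE
# Prints a verdict; returns 0 if consistent, 1 on mismatch, 2 if unparsable.
compare_ids() {
    wb_ids=$(passwd_ids "$1")
    nss_ids=$(passwd_ids "$2")
    if [ -z "$wb_ids" ] || [ -z "$nss_ids" ]; then
        echo "UNPARSABLE"
        return 2
    fi
    if [ "$wb_ids" = "$nss_ids" ]; then
        echo "CONSISTENT $wb_ids"
        return 0
    fi
    echo "MISMATCH winbind=$wb_ids nss=$nss_ids"
    return 1
}

# check_user USER: live comparison using wbinfo and getent on this host.
check_user() {
    wb_line=$(wbinfo -i "$1") || { echo "wbinfo failed for $1" >&2; return 2; }
    nss_line=$(getent passwd "$1") || { echo "getent failed for $1" >&2; return 2; }
    compare_ids "$wb_line" "$nss_line"
}

if [ "$#" -gt 0 ]; then
    # Live mode: ./check_idmap.sh rdratlos
    check_user "$1"
else
    # Demo mode: the two lines quoted in the message (stale winbind entry vs. sssd).
    compare_ids \
        'rdratlos:*:10000:10006:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/false' \
        'rdratlos@mydomain.com:*:1000:513:Thomas Xyz:/home/MYDOMAIN/rdratlos:/bin/bash' \
        || true
fi
```

A non-zero exit in live mode can be used from cron or monitoring to flag a host where the caches need the flush sequence described above.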