The Samba-Bugzilla – Bug 9092
Apparent contradiction wrt "foreign SID/domain" in Samba-Guide 7.3.1 "Samba Domain with Samba Domain Member Server -- Using NSS LDAP"
Last modified: 2012-08-12 21:04:09 UTC
first the chapter says "The primary purpose of running winbindd (within this operational context) is to permit mapping of foreign SIDs (those not originating from the the local Samba server). Foreign SIDs can come from any domain member client or server, or from Windows clients that do not belong to a domain."
Then, later, it says "The IDMAP facility will be used for all foreign (i.e., not having the same SID as the domain it is a member of) domains."
The 2nd sentence says "foreign domain"; however, the first paragraph implies that IDMAP would be used for "foreign SIDs". The former includes all SIDs that don't originate from the local Samba server, thus also SID from the domain it is a member of; the latter sentence specifically excludes these SIDs.
This appears to be a contradiction and is thus confusing.