Bug 9092 - Apparent contradiction wrt "foreign SID/domain" in Samba-Guide 7.3.1 "Samba Domain with Samba Domain Member Server -- Using NSS LDAP"
Summary: Apparent contradiction wrt "foreign SID/domain" in Samba-Guide 7.3.1 "Samba D...
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Docs (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: John H Terpstra (mail address dead(
QA Contact: Samba Documentation QA Contact~
Depends on:
Reported: 2012-08-12 21:04 UTC by Andras Korn
Modified: 2012-08-12 21:04 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andras Korn 2012-08-12 21:04:09 UTC

first the chapter says "The primary purpose of running winbindd (within this operational context) is to permit mapping of foreign SIDs (those not originating from the the local Samba server). Foreign SIDs can come from any domain member client or server, or from Windows clients that do not belong to a domain."

Then, later, it says "The IDMAP facility will be used for all foreign (i.e., not having the same SID as the domain it is a member of) domains."

The 2nd sentence says "foreign domain"; however, the first paragraph implies that IDMAP would be used for "foreign SIDs". The former includes all SIDs that don't originate from the local Samba server, thus also SID from the domain it is a member of; the latter sentence specifically excludes these SIDs.

This appears to be a contradiction and is thus confusing.