idmap_sss 8 idmap_sss SSSD's idmap_sss Backend for Winbind The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is done by SSSD. range = low - high Defines the available matching UID and GID range for which the backend is authoritative. This example shows how to configure idmap_sss as the default mapping module. [global] security = ads workgroup = <AD-DOMAIN-SHORTNAME> idmap config <AD-DOMAIN-SHORTNAME> : backend = sss idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647 idmap config * : backend = tdb idmap config * : range = 100000-199999 Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of the AD domain. If multiple AD domains should be used each domain needs an idmap config line with backend = sss and a line with a suitable range. Since Winbind requires a writeable default backend and idmap_sss is read-only the example includes backend = tdb as default.