Hi folks,
I have a set of servers that CANNOT become enrolled IDM clients due to a
vendor refusing to support this type of config.
This server fleet is directly bound to an AD system via the standard
non-IPA "realm join ..." type commands
Since I can't bring these servers "into the fold" so to speak at the
very least I would love to offset at least one potential future problem
by seeing if I can help them configure sssd.conf on their local machines
to use the same AD SID-to-UID algorithm (complete with custom ID Range
values that we have enabled on the IPA master) so that they at least get
the same UID and GID values for their AD users as the same user would
get if they logged into the much larger fleet of IDM-managed servers.
Hope I'm asking the question properly -- in a nutshell I'm wondering how
to trick a standalone sssd.conf file so that it uses the same SID-to-UID
algorithm that an IDM master would use. This would at least let me get
consistent UID/GID values across my fleet of enrolled vs. non-enrolled
IDM clients ! Tips or advice appreciated even if the response is "heck
no; you can't do that .. "
Regards,
Chris