On Mon, 17 Dec 2012 21:25:43 -0500, Dmitri Pal wrote:
On 12/17/2012 09:00 PM, Andrew Wygle wrote:
Hello,
Thanks to the help of this list I successfully got SSSD to authenticate
against a Windows Server 2008 R2 Active Directory domain controller. SSH
logins work. I am, however, having a problem with UID and GID mappings. I
have set the following mappings in sssd.conf:
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_group_gid_number = gidNumber
I know these are the defaults, but I specified them explicitly just in
case. I see the same behavior with them unset, which makes sense.
When I go to look up a user's information, either with getent or by logging
in as them and running id, I see that their UIDs and GIDs are set to
ridiculously large values. Take Bob as an example. I expect him to have UID
1001 and GID 1003, because that's what's specified in Active Directory and
when I run ldapsearch that's what I see as the uidNumber and gidNumber
properties. However, I get the following result from getent passwd bob:
bob:*:863601112:863600513:Bobby Wallingford:/home/bob:/bin/bash
This is internally consistent - if I do getent group on Bob's primary
group, it returns the same GID as the one Bob is set to. However, I don't
see the same behavior on a Mac that is joined to our domain - there, id bob
returns 1001 as his UID and 1003 as his GID. The only thing in the logs
that looks much like an error is a line that looks like:
[sssd[be[domain.com]]] [sdap_save_group] (0x1000): Mapping user [bob] objectSID to unix ID
(replace user with group and bob with the group name when searching for
groups). This doesn't exactly seem correct, but also doesn't seem like it
would produce the error I'm seeing.
I didn't see any obvious pattern to the bits either (endianness error,
inverted somehow, some kind of weird sign error, etc).
Any help will be appreciated.
Which version of SSSD are we talking about?
Thanks,
~Andrew Wygle
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Wow, sorry about that. 1.9.3 is the version.
~Andrew Wygle
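Added example, not part of the original thread or of SSSD's own code: the IDs quoted in the message above do follow a pattern if they were produced by SSSD's algorithmic objectSID-to-ID mapping (the ldap_id_mapping behaviour described in sssd-ldap(5)) rather than read from uidNumber/gidNumber. The sketch assumes the documented default range settings (ldap_idmap_range_min and ldap_idmap_range_size both 200000, ldap_idmap_range_max 2000200000), which the thread does not show, and splits each ID into a per-domain slice number and the RID taken from the account's SID.

```python
# Added example: decode SSSD algorithmic ID-mapping values into (slice, RID).
# Assumption: default ldap_idmap_range_* values from sssd-ldap(5); the thread
# does not show the poster's actual settings.
RANGE_MIN = 200_000
RANGE_MAX = 2_000_200_000
RANGE_SIZE = 200_000

# A few well-known domain RIDs defined by Microsoft.
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins", 513: "Domain Users"}


def decode_mapped_id(unix_id):
    """Return (slice, rid) if unix_id lies in the mapping range, else None."""
    if not RANGE_MIN <= unix_id < RANGE_MAX:
        return None  # e.g. a POSIX uidNumber such as 1001 read from the directory
    return divmod(unix_id - RANGE_MIN, RANGE_SIZE)


def encode_mapped_id(slice_no, rid):
    """Forward direction: unix ID for a RID inside a given domain slice."""
    if not 0 <= rid < RANGE_SIZE:
        raise ValueError("RID does not fit in one slice")
    return RANGE_MIN + slice_no * RANGE_SIZE + rid


def explain_passwd_line(line):
    """Classify the UID and GID fields of one getent passwd line."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated passwd fields")
    report = {"name": fields[0]}
    for key, raw in (("uid", fields[2]), ("gid", fields[3])):
        value = int(raw)
        decoded = decode_mapped_id(value)
        if decoded is None:
            report[key] = {"id": value, "source": "outside ID-mapping range"}
        else:
            slice_no, rid = decoded
            report[key] = {"id": value, "source": "SID-mapped", "slice": slice_no,
                           "rid": rid, "well_known": WELL_KNOWN_RIDS.get(rid)}
    return report


if __name__ == "__main__":
    # The getent output quoted in the message above.
    print(explain_passwd_line(
        "bob:*:863601112:863600513:Bobby Wallingford:/home/bob:/bin/bash"))
```

Under these assumptions both IDs land in the same slice, and the GID's RID of 513 is the well-known Domain Users group, which matches the log line about mapping an objectSID to a unix ID.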