On Mon, 17 Dec 2012 21:25:43 -0500, Dmitri Pal <dpal@redhat.com> wrote:

On 12/17/2012 09:00 PM, Andrew Wygle wrote:

Hello,

Thanks to the help of this list I successfully got SSSD to authenticate against a Windows Server 2008 R2 Active Directory domain controller. SSH logins work. I am, however, having a problem with UID and GID mappings. I have set the following mappings in sssd.conf:

ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_group_gid_number = gidNumber

I know these are the defaults, but I specified them explicitly just in case. I see the same behavior with them unset, which makes sense.

When I go to look up a user's information, either with getent or by logging in as them and running id, I see that their UIDs and GIDs are set to ridiculously large values. Take Bob as an example. I expect him to have UID 1001 and GID 1003, because that's what's specified in Active Directory and when I run ldapsearch that's what I see as the uidNumber and gidNumber properties. However, I get the following result from getent passwd bob:

bob:*:863601112:863600513:Bobby Wallingford:/home/bob:/bin/bash

This is internally consistent - if I do getent group on Bob's primary group, it returns the same GID as the one Bob is set to. However, I don't see the same behavior on a Mac that is joined to our domain - there, id bob returns 1001 as his UID and 1003 as his GID. The only thing in the logs that looks much like an error is a line that looks like:

[sssd[be[domain.com]]] [sdap_save_group] (0x1000): Mapping user [bob] objectSID to unix ID

(replace user with group and bob with the group name when searching for groups). This doesn't exactly seem correct, but also doesn't seem like it would produce the error I'm seeing.

I didn't see any obvious pattern to the bits either (endianness error, inverted somehow, some kind of weird sign error, etc).

Any help will be appreciated.


Which version of SSSD are we talking about?

Thanks,

~Andrew Wygle





-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.



Wow, sorry about that. 1.9.3 is the version.

~Andrew Wygle
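
Added example, not part of the original thread and not SSSD code: the log line quoted above says SSSD is mapping the objectSID to a Unix ID, and the sketch below decomposes the IDs from the getent output into an ID-mapping slice and a Windows RID. It assumes SSSD's documented defaults for ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size, none of which appear in the post; the helper names are hypothetical.

```python
"""Decompose SSSD algorithmically mapped IDs into (slice, RID)."""
from typing import NamedTuple, Optional

# Assumption: SSSD's documented default idmap settings (not shown in the post).
RANGE_MIN = 200_000         # ldap_idmap_range_min
RANGE_MAX = 2_000_200_000   # ldap_idmap_range_max
RANGE_SIZE = 200_000        # ldap_idmap_range_size

# A few well-known Windows relative identifiers, for labelling only.
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins", 513: "Domain Users"}


class MappedId(NamedTuple):
    slice_index: int  # which per-domain slice of the ID range was used
    rid: int          # last component of the object's SID


def decompose(unix_id: int) -> Optional[MappedId]:
    """Return (slice, RID) if unix_id lies in the idmap range, else None."""
    if not RANGE_MIN <= unix_id < RANGE_MAX:
        return None  # outside the range: consistent with uidNumber/gidNumber
    offset = unix_id - RANGE_MIN
    return MappedId(offset // RANGE_SIZE, offset % RANGE_SIZE)


def compose(slice_index: int, rid: int) -> int:
    """Inverse of decompose(): the Unix ID for a given slice and RID."""
    if not 0 <= rid < RANGE_SIZE:
        raise ValueError("RID does not fit in one slice")
    return RANGE_MIN + slice_index * RANGE_SIZE + rid


def explain_passwd_line(line: str) -> dict:
    """Parse a getent passwd line and classify its UID and GID."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("not a passwd entry")
    result = {"name": fields[0]}
    for key, raw in (("uid", fields[2]), ("gid", fields[3])):
        mapped = decompose(int(raw))
        label = WELL_KNOWN_RIDS.get(mapped.rid) if mapped else None
        result[key] = {"value": int(raw), "mapped": mapped, "well_known": label}
    return result


if __name__ == "__main__":
    # First line is the getent output quoted in the post; the second is
    # constructed from the values the poster expected to see.
    for entry in (
        "bob:*:863601112:863600513:Bobby Wallingford:/home/bob:/bin/bash",
        "bob:*:1001:1003:Bobby Wallingford:/home/bob:/bin/bash",
    ):
        print(explain_passwd_line(entry))
```

Under these assumptions both IDs fall in the same slice (4317), with RID 1112 for the user and RID 513, the well-known Domain Users RID, for the primary group, so the values are SID-derived rather than read from uidNumber and gidNumber. The sssd.conf option ldap_id_mapping selects between the two behaviours.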