How? In fact, to late, already got it.
What about schema for Posix users? It wasn't there before sfu.
Best,
Longina
Hello Steve, thank you for the fast reply. I was aware of the AD ldap schema.
I’m avoiding to mess with Unix specific atributes inside AD because Microsoft started the
decommissioning of Unix Services. Today still exists hacks to enable the UNIX Attributes
tab in the User Preferences, but they can only be enabled activating Services for NIS from
the Powershell.
I know it’s an option, but the whole point of using SSSD is to avoid messing with AD. If
it’s impossible to achieve in the SSSD side, that will be the solution for the second
issue.
Thank you,
Vinícius.
Hi there,
So what is the scenario for minimal possible AD mess - do not use at all Posix
Attributes?
If we don't plan to use Nis services, but need Posix schema and Posix attributes for
searching uid/gid /autofs maps- are we not safe?
It is important decision for our project, as we are just about to ask for "messing
AD" by attaching gid number for existing AD groups and keep gid number assigning for
all groups created in the future.
It seems to be the rightest way to achieve unique uid/gid on the Linux clients, as we
have different kind of storage (Sun storage) often with own algorithm of resolving
Uids&group id from SID in AD forest with trusted domains.
I even don't know how much mess is it with assigning gid number to all
AD groups - is it just a piece of cake which MS admins would love? ;(
What could be the safe concept (not IPA yet ) for AD Linux integration with sssd to be on
the safe side against MS decommissioning of Unix Services ?
Hi
You do not need sfu to use posix attributes in AD.
HTH
Steve
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users