On 22/08/14 14:23, Andre Pitanga wrote:
Hi list-
I'm working on a project using Active Directory 2008 R2 with Identity Management for
UNIX service to provide authentication and identity for Linux users via sssd.
Using this setup, is it possible to have the Linux username and group name be the same
(e.g. user apache, group apache)?
You cannot have a 'user' object and a
'group' object with the same name,
further more, the example you give is a 'local unix' user and should not
be put into AD. If you did put them into AD, you would have to remove
them from /etc/passwd and if the domain went down for some reason, you
would have NO USERS at all.
If you are going to use AD, then I suggest that you do a bit more
research, it will not work the way you want it to, this has nothing to
do with sssd.
Rowland
I've learned that the sAMAccountName attribute must be unique
across the domain but I'm not sure if sssd uses this attribute to
"translate" the UID and GID to names in Linux. Hope this makes sense!
Our sssd.conf is:
[sssd]
config_file_version = 2
debug_level = 0
domains =
example.com
services = nss, pam
[
domain/example.com]
id_provider = ad
access_provider = ad
# We rely on UNIX extended attributes in AD
ldap_id_mapping = false
enumerate = true
--
Andre Pitanga RHCE 100-077-478
(917) 745-6256 andre.pitanga(a)redhat.com
Red Hat, Inc. Red Hat Consulting
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users