I’m new to SSSD in general. I configured a RHEL 6.5 machine to authenticate against a
2008 R2 AD using ldap_id_mapping because our AD does not have unix information defined for
users. All appears to be working well. I had to add override_homedir = /home/%u to get
home directories to be created by oddjob mkhomedir.
The only problem is the group ownership on the home directory is “domain users” rather
than the user’s private group. The default permissions also allow domain users
read/execute access to the home directory.
It looks like you can change the umask used in /etc/pam.d/system-auth-ac, but I don’t see
where I can control the group information. Any suggestions on best practices on how to fix
this? I was surprised it wasn’t in the docs.
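
An added example, not part of the original post: a Python audit for the condition described above, listing home directories whose mode grants group or other access and noting whether the owning group is shared with other home directories. The function names and the `/home` default are assumptions for illustration; `mode_from_umask` shows the directory mode a given umask produces.

```python
import os
import stat
from collections import Counter


def mode_from_umask(umask, base=0o777):
    """Mode a new directory receives when created with `base` under `umask`."""
    return base & ~umask


def audit_homes(base_dir):
    """Return findings for home directories accessible beyond their owner.

    A directory is flagged when its mode grants any group or other access.
    `shared_group` is True when the owning GID also owns other home
    directories under base_dir (for example a common primary group).
    """
    entries = []
    for name in sorted(os.listdir(base_dir)):
        path = os.path.join(base_dir, name)
        st = os.lstat(path)  # lstat: do not follow symlinked homes
        if stat.S_ISDIR(st.st_mode):
            entries.append((path, st))

    gid_counts = Counter(st.st_gid for _, st in entries)
    findings = []
    for path, st in entries:
        perms = stat.S_IMODE(st.st_mode)
        if perms & 0o077:  # any group or other permission bit set
            findings.append({
                "path": path,
                "mode": oct(perms),
                "gid": st.st_gid,
                "shared_group": gid_counts[st.st_gid] > 1,
                "group_access": bool(perms & stat.S_IRWXG),
                "other_access": bool(perms & stat.S_IRWXO),
            })
    return findings


if __name__ == "__main__":
    import sys
    # Assumed default location of home directories.
    for finding in audit_homes(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print(finding)
```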