On Thu, Apr 19, 2018 at 02:14:30PM +0200, John Hearns wrote:
Hello all. I am currently working on a new project to configure
sssd
authentication, for Ubuntu clients.
And hello to Lachlan Musicman - did not expect to see you here!
I think this question must be asked many times. So forgive me.
We have an existing set of Unix usernames/uids which are pushed out onto
the client workstations vi a configuration management system. Ie there are
local /etc/passwd files which are updated when new users joint he company.
the uid range is 1000 to 3000
If we start to use sssd with AD authentication and the AD RID mapping, then
different UIDs will be reported.
We do not wish to use the Posix attributes - the whole point is to reduce
the manual steps needed when new accounts are created.
So my questions are:
a) is there any way to map AD RID style UIDs to existing UIDs (I have
tried to search for this)
b) other orgnisations have faced this. Is the only answer a script to
chown each users files if they are transitioned over to AD?
Also a question about pam_mkhomedir I have used this successfully in the
past, on a BeeGFS filesystem where all the clients have read/write access.
If the workstation is an NFS client, then creating a new home directory for
a user should not be possible, given that root squash is configured on the
NFS share.
Is there a smart way to get pam_mkhomedir to work on an NFS client system?
Or perhaps the user needs to log into the NFS server system one time only
(assuming logins are encouraged directly to servers like that anyway)
Thanks for any thoughts and insights.
Maybe
https://jhrozek.wordpress.com/2016/02/15/sssd-local-overrides/ is
what you are looking for?
HTH
bye,
Sumit
John Hearns
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org