Sumit, thankyou. I will look at that tool.
On 19 April 2018 at 17:11, Sumit Bose <sbose(a)redhat.com> wrote:
On Thu, Apr 19, 2018 at 02:14:30PM +0200, John Hearns wrote:
> Hello all. I am currently working on a new project to configure sssd
> authentication, for Ubuntu clients.
> And hello to Lachlan Musicman - did not expect to see you here!
>
> I think this question must be asked many times. So forgive me.
> We have an existing set of Unix usernames/uids which are pushed out onto
> the client workstations vi a configuration management system. Ie there
are
> local /etc/passwd files which are updated when new users joint he
company.
> the uid range is 1000 to 3000
>
> If we start to use sssd with AD authentication and the AD RID mapping,
then
> different UIDs will be reported.
> We do not wish to use the Posix attributes - the whole point is to reduce
> the manual steps needed when new accounts are created.
>
> So my questions are:
>
> a) is there any way to map AD RID style UIDs to existing UIDs (I have
> tried to search for this)
>
> b) other orgnisations have faced this. Is the only answer a script to
> chown each users files if they are transitioned over to AD?
>
>
> Also a question about pam_mkhomedir I have used this successfully in
the
> past, on a BeeGFS filesystem where all the clients have read/write
access.
> If the workstation is an NFS client, then creating a new home directory
for
> a user should not be possible, given that root squash is configured on
the
> NFS share.
> Is there a smart way to get pam_mkhomedir to work on an NFS client
system?
> Or perhaps the user needs to log into the NFS server system one time only
> (assuming logins are encouraged directly to servers like that anyway)
>
> Thanks for any thoughts and insights.
Maybe
https://jhrozek.wordpress.com/2016/02/15/sssd-local-overrides/ is
what you are looking for?
HTH
bye,
Sumit
> John Hearns
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org