On Thu, Feb 14, 2013 at 11:24:23AM +0000, Longina Przybyszewska wrote:
UID/GID allocating – is my missing link.
We need to renumber at least UIDs as they overlap across NIS domains.
As all users have in advance AD account it seems obvious to me to generate posix uid
based on AD IDs.
If you're renumbering the UIDs (and by extension changing the file
permissions) anyway, you might as well go with the ID mapping feature
completely.
…Or just assign Linux UIDs numbers during migrating.
What about making new accounts in the future – how the uid would be generated for Linux
Users?
Do we need a special group say ‘linuxusers’ then make a new template for new account in
the group?
Can AD make for us also continuously unique POSIX UIDs when creating the new account?
I don’t know YET much about MSWin identification process – sorry for very basic questions
;).
I understand that the approach with RID (real ID ??) mapping achieves consistent name
mapping across all types file servers –
am I right?
I'm not sure what you mean by "across all types of file servers" but
the mapping should be consistent, yes.
But maybe in sssd context it doesn’t make sense – as Ondrej points
out.
Ondrej, if you say “sssd can serve automount maps for automounter” – that means sssd can
read ldap automounter map, and do
it automatically if we define autofs service in [nss] but first automounter has to know
about sssd and link to sssd libraries?
See
http://jhrozek.livejournal.com/2500.html for example.
Alternative, now we have to convert NIS auto.home maps to ldap
format, and load them to AD (???), then reconfigure automounter to
ask AD for entry instead of NIS.
By the way how do I find what class/attributes I want in AD-ldap for autofs?
Longina