Hi SSSD Users list,
Our AD domain is functional level '03 and it's about time we upgrade. We have a
little over twenty CentOS (vers. 5, 6 & 7) development servers which use AD for ssh
authentication and shared samba mounts.
The best info I found regarding this upgrade's impact on Linux shares &
authentication is this article from Centrify [1] which mentions that the smb service might
have to be restarted.
I also have not found a working, reliable source for the best method to join additional
CentOS servers to the domain. Right now we're using a mix of samba and winbind for
CentOS 5/6 [2] and sssd for CentOS 7 [3]. My ignorance around Kerberos is vast and I wonder
if/how that might play a role in this.
We did notice that with the standard sssd setup, our UID and GIDs were different so we
set:
--automatic-id-mapping=no
and then set the values for each user object manually within ADUC --> Attribute Editor
--> gidNumber and uidNumber to match what they reported from a CentOS 6 machine's
"id user" command.
I'm increasingly anxious about raising the functional level since it is a one-way
process with no rollback option. What are the best sources of information for managing AD
integration?
Thank you!
Mike
[1] https://community.centrify.com/t5/TechBlog/Basics-Understanding-how-Activ...
[2] https://www.server-world.info/en/note?os=CentOS_6&p=samba&f=7
[3] https://www.server-world.info/en/note?os=CentOS_7&p=realmd