I have a set of servers that CANNOT become enrolled IDM clients due to a vendor refusing to support this type of config.

This server fleet is directly bound to an AD system via the standard non-IPA "realm join ..." type commands.

Since I can't bring these servers "into the fold," so to speak, at the very least I would love to offset at least one potential future problem by seeing if I can help them configure sssd.conf on their local machines to use the same AD SID-to-UID algorithm (complete with custom ID Range values that we have enabled on the IPA master) so that they at least get the same UID and GID values for their AD users as the same user would get if they logged into the much larger fleet of IDM-managed servers.

Hope I'm asking the question properly -- in a nutshell, I'm wondering how to trick a standalone sssd.conf file so that it uses the same SID-to-UID algorithm that an IDM master would use. This would at least let me get consistent UID/GID values across my fleet of enrolled vs. non-enrolled IDM clients! Tips or advice appreciated, even if the response is "heck no; you can't do that ..."


