On Tue, 24 Nov 2015, Domineaux Philippe wrote:
So it seems that for a native ipa user ( in my case testipa ) , the uid is
return but for an AD user, it returns me zero.
The result is that when I am logged on a workstation using an AD account I
see nfs shares with nobody attributes.
Show your nsfidmap configuration, /etc/idmapd.conf. Are you using SSSD plugin
Method = sss
GSS-Methods = sss
Specifically you may want to *not* try to consult LDAP from idmap, but
use a regex to transform the windows realm from upper case to lowercase
and then just use the getpwnam interface.
As you can see on my krb5.conf there is already a regex for the ipa realm =
This is irrelevant for nfsidmap.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project