On Tue, 24 Nov 2015, Domineaux Philippe wrote:
So it seems that for a native ipa user ( in my case testipa ) , the uid is
return but for an AD user, it returns me zero.
The result is that when I am logged on a workstation using an AD account I
see nfs shares with nobody attributes.
Show your nsfidmap configuration, /etc/idmapd.conf. Are you using SSSD plugin 
for translation?

Method = sss
GSS-Methods = sss

Specifically you may want to *not* try to consult LDAP from idmap, but
use a regex to transform the windows realm from upper case to lowercase
and then just use the getpwnam interface.

As you can see on my krb5.conf there is already a regex for the ipa realm =

auth_to_local = 
This is irrelevant for nfsidmap.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to