On Tue, 24 Nov 2015, Domineaux Philippe wrote:
So it seems that for a native ipa user (in my case testipa), the uid is
returned, but for an AD user it returns zero.
The result is that when I am logged on a workstation using an AD account I
see nfs shares with nobody attributes.

Show your nfsidmap configuration, /etc/idmapd.conf. Are you using the SSSD plugin
for translation?

[Translation]
Method = sss
GSS-Methods = sss

Specifically you may want to *not* try to consult LDAP from idmap, but
use a regex to transform the windows realm from upper case to lowercase
and then just use the getpwnam interface.


As you can see on my krb5.conf there is already a regex for the ipa realm =

auth_to_local = 
RULE:[1:$1@$0](^.*@WINDOMAIN.LOCAL$)s/@WINDOMAIN.LOCAL/@windomain.local/

This is irrelevant for nfsidmap.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
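
The two checks discussed in the thread, as an added example that is not part of the original messages: it reads the `[Translation]` section of idmapd.conf text and confirms that a name with its realm lowercased resolves through `getpwnam`. The function names, the sample `Domain` value and the assumption that AD users resolve as `user@lowercased-realm` are illustrative, not taken from the thread.

```python
import configparser
import pwd

# Constructed sample; the [Translation] section mirrors the one quoted above.
SAMPLE_IDMAPD_CONF = """
[General]
Domain = ipa.example.test

[Translation]
Method = sss
GSS-Methods = sss
"""

def translation_methods(conf_text):
    """Return the ordered Method and GSS-Methods lists from idmapd.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    def split(key):
        raw = cp.get("Translation", key, fallback="")
        return [m.strip() for m in raw.split(",") if m.strip()]
    return {"Method": split("Method"), "GSS-Methods": split("GSS-Methods")}

def lowercase_realm(principal):
    """user@WINDOMAIN.LOCAL -> user@windomain.local; bare names are unchanged."""
    user, sep, realm = principal.rpartition("@")
    return f"{user}@{realm.lower()}" if sep else principal

def resolve_uid(principal, getpwnam=pwd.getpwnam):
    """Look the lowercased name up through NSS; uid None means unresolved."""
    name = lowercase_realm(principal)
    try:
        return name, getpwnam(name).pw_uid
    except KeyError:
        return name, None

def check(principals, conf_text, getpwnam=pwd.getpwnam):
    """Collect findings that would explain files showing up as 'nobody'."""
    findings = []
    for key, vals in translation_methods(conf_text).items():
        if "sss" not in vals:
            findings.append(f"[Translation] {key} does not list sss: {vals}")
    for p in principals:
        name, uid = resolve_uid(p, getpwnam)
        if uid is None or uid == 0:
            findings.append(f"{name}: no usable uid from getpwnam ({uid})")
    return findings

if __name__ == "__main__":
    print(check(["testipa", "aduser@WINDOMAIN.LOCAL"], SAMPLE_IDMAPD_CONF))
```

Run it on the NFS client and on the server with the real contents of /etc/idmapd.conf; a name that resolves on one side but not the other points to where the mapping breaks.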
