On 02/21/2017 09:10 PM, Hanoz Elavia wrote:
Hello,

I've got the FreeIPA server with AD trust (Server 2008 R2) set up and
running. I can log in successfully on Linux clients using AD credentials.
I'm now trying to set up my Isilon storage appliance with mixed mode file
sharing.

The filer has joined the AD so it provides Windows users access to the
files. However, being a legacy client, it uses simple bind to query LDAP
for uid and gid. I was able to set up FreeIPA as the LDAP server but it
doesn't seem to return the uid and gid for AD objects.

The query my storage is using is as follows:

ldapsearch -x -W -z 10 -H ldap://ipa.server.com \
  -b 'cn=compat,dc=ipa,dc=server,dc=com' \
  -D 'uid=binduser,cn=users,cn=accounts,dc=ipa,dc=server,dc=com' \
  '(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=nisNetgroup)(objectClass=person))'

The following command will obtain all the IDs for the native FreeIPA
users / groups but doesn't return any results for AD users. Is there a way
to get this done? I can't install any clients on the Isilon as it uses a
BSD-based proprietary software. I can manually map FreeIPA assigned uids
/ gids but that's tedious and error-prone. Any help would be appreciated.

Regards,

H.



Hi Hanoz,

please bear in mind that in an AD trust scenario the AD users are *not* stored on the IPA server, so you have to query the AD DC directly for AD user attributes.

--
Martin^3 Babinsky
