> Basically Samba ignores the separate GID field in RFC2307bis, so one
> imagines the options for changing the LDAP attributes are
> non-existent.
mmuserauth now has an option to use either the gid from the actual primary
group or the gid defined for the user. See:
--unixmap-domains unixDomainMap
[...]
win: Specifies the system to read the primary group set as Windows primary group of a user on the Active Directory.
unix: Specifies the system to read the primary group as set in "UNIX attributes" of a user on the Active Directory.
For example,
--unixmap-domains "MYDOMAIN1(20000-50000:unix);MYDOMAIN2(100000-200000:win)"
This gets mapped to 'idmap config ... : unix_primary_group' in the
internal config.
Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
christof.schm...@us.ibm.com || +1-520-799-2469 (T/L: 321-2469)
----- Original message -----
From: Jonathan Buzzard <jonathan.buzz...@strath.ac.uk>
Sent by: gpfsug-discuss-boun...@spectrumscale.org
To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org>
Cc:
Subject: Re: [gpfsug-discuss] Question concerning integration of CES with AD authentication system
Date: Thu, May 24, 2018 7:50 AM
On Thu, 2018-05-24 at 14:16 +0000, Skylar Thompson wrote:
> I haven't needed to change the LDAP attributes that CES uses, but I
> do see --user-id-attrib in the mmuserauth documentation.
> Unfortunately, I don't see an equivalent one for gidNumber.
>
Is it not doing the "Samba thing" where your GID is the GID of your
primary Active Directory group? This is usually "Domain Users" but not
always.
Basically Samba ignores the separate GID field in RFC2307bis, so one
imagines the options for changing the LDAP attributes are
non-existent.
I know back in the day this had me stumped for a while because unless
you assign a GID number to the user's primary group then Winbind does
not return anything, aka a "getent passwd" on the user fails.
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
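
As an added illustration (not part of the original thread and not IBM's code): a small Python check that parses a --unixmap-domains value in the form shown in the example above, flags overlapping ID ranges between domains, and renders the matching stock Samba idmap_ad settings. The entry grammar is inferred from that single example, and the backend and range lines are assumptions about an equivalent plain-Samba config, not the file CES writes internally.

```python
import re

# One entry of the value, as in the thread's example: NAME(low-high:win|unix)
# (grammar assumed from that example only)
ENTRY = re.compile(r"^([A-Za-z0-9._-]+)\((\d+)-(\d+):(win|unix)\)$")

def parse_unixmap_domains(value):
    """Parse 'DOM1(lo-hi:unix);DOM2(lo-hi:win)' into a list of dicts."""
    domains = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        m = ENTRY.match(part)
        if not m:
            raise ValueError(f"malformed entry: {part!r}")
        name, low, high, mode = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
        if low >= high:
            raise ValueError(f"{name}: empty or inverted range {low}-{high}")
        domains.append({"domain": name, "low": low, "high": high, "primary_group": mode})
    return domains

def overlapping_ranges(domains):
    """Return pairs of domains whose ID ranges overlap (their UIDs/GIDs could collide)."""
    ordered = sorted(domains, key=lambda d: d["low"])
    clashes = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b["low"] > a["high"]:
                break  # sorted by low bound, so no later range can overlap a
            clashes.append((a["domain"], b["domain"]))
    return clashes

def samba_idmap_lines(domains):
    """Render stock Samba idmap_ad lines (assumed equivalent, not CES output)."""
    lines = []
    for d in domains:
        prefix = f"idmap config {d['domain']} :"
        lines.append(f"{prefix} backend = ad")
        lines.append(f"{prefix} range = {d['low']}-{d['high']}")
        # unix -> primary group from the UNIX attributes; win -> Windows primary group
        flag = "yes" if d["primary_group"] == "unix" else "no"
        lines.append(f"{prefix} unix_primary_group = {flag}")
    return lines

if __name__ == "__main__":
    doms = parse_unixmap_domains("MYDOMAIN1(20000-50000:unix);MYDOMAIN2(100000-200000:win)")
    print("\n".join(samba_idmap_lines(doms)))
    print("overlaps:", overlapping_ranges(doms))
```
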