Are you creating the groups in LDAP as well? It seems that you aren’t. Just get rid of local groups and create the group in LDAP with the same GID. This will the GID will be consistent across machines.
Siddharth Choure Senior Systems Engineer Apartments.com | Apartment Home Living 175 W Jackson Blvd | Suite 800 | Chicago, IL 60604 P: (312) 508-6551 | C: (312) 288-1591 [email protected]<mailto:[email protected]> | www.apartments.com | www.ApartmentHomeLiving.com The First Name in Apartment Search From: Daniel Szortyka <[email protected]<mailto:[email protected]>> Date: Fri, 7 Feb 2014 17:47:11 -0200 To: <[email protected]<mailto:[email protected]>> Subject: how to manage groups in different machines using LDAP Hey guys, I'm new in the forum and new in the LDAP world. I have my environment set up and working fine so far. I have a LDAP server and few other stations which autenticate in my server, OK so far. However, I have applications running exclusively with a special group, let's say "SAS" and that's my problem. Group SAS in MachineA is GID = 501 (/etc/groups) Group SAS in MachineB is GID = 502 (/etc/groups) (this was defined some time ago.. every computer has a different GID for Group SAS) UserA was created with GID = 501 in LDAP. The problem is that when UserA authenticates in MachineB, he doesn't have a group assigned. I would like to know which direction I should go to make sure no matter what computer the user authenticates, he'll get the right group assigned. Tks in advance. -Daniel Szortyka Porto Alegre / RS / Brasil SysAdm at IBOPE Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo conter informação confidencial. Se você não for destinatário desta mensagem, desde já fica notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal. Caso você tenha recebido esta mensagem por engano, pedimos que nos retorne este E-Mail, promovendo, desde logo, a eliminação do seu conteúdo em sua base de dados, registros ou sistema de controle. This message is exclusively destined for the people to whom it is directed, and it can bear private and/or legally exceptional information. If you are not addressee of this message, since now you are advised to not release, copy, distribute, check or, otherwise, use the information contained in this message, because it is illegal. If you received this message by mistake, we ask you to return this email, making possible, as soon as possible, the elimination of its contents of your database, registrations or controls system. Este mensaje ha sido enviado exclusivamente para la(s) persona(s) destinataria(s) y puede contener información confidencial. Si Usted no es el destinatario, esta desde ya compelido a no divulgar, copiar, distribuir, examinar o, de cualquier manera, utilizar la información contenida en este mensaje, por razones legales. Caso Usted haya recibido este mensaje equivocadamente, favor contestar al remitente en forma inmediata, borrándolo de su base de datos, registros o sistema de control.
