One of the more common cases for sssd (or winbind) with RFC2307 seems to be 
getting uids/gids from Active Directory domains, but few Active Directories 
have all of their users/groups configured for the POSIX uid/gid.

How can you configure sssd behavior for this common case (among the three 
behaviors that might be desired):

1) query AD for the Unix uid/gid and fail if that particular user is not 
configured with a uid (this seems to be what sss always does and isn't really 
practical given how unlikely that AD is configured perfectly for unix uids)
2) query AD for the Unix uid/gid and if that user is not configured with a uid 
map to a default uid (uid of something like "guest" or "defaultuser" or 
whatever)
3) query AD for the Unix uid/gid and if that user is not configured with a uid 
map algorithmically

I didn't see much useful on this topic at 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_Domains.html#SSSD-AD

If sssd doesn't do that, is this a case where winbind can do it better? Or is 
there a way to configure the nsswitch passwd line to fall back to a 3rd trivial 
alternative (files sss default e.g.) that provides a default uid for a 
user@domain who does not have a uid/gid configured in AD?