On 9 February 2017 at 19:06, <[email protected]> wrote: > One of the more common cases for sssd (or winbind) with RFC2307 seems to be > getting uids/gids from Active Directory domains, but few Active Directories > have all of their users/groups configured for the POSIX uid/gid. > > How can you configure sssd behavior for this common case (among the three > behaviors that might be desired): > > 1) query AD for the Unix uid/gid and fail if that particular user is not > configured with a uid (this seems to be what sss always does and isn't really > practical given how unlikely that AD is configured perfectly for unix uids)
FWIW, my company found 1) pretty practical, as I wrote a pretty short bit of Powershell which looks through AD for users and groups without POSIX attributes, and sets them (UID/GID becomes the user's RID + a static offset). This script runs every hour, and means all AD users and groups have POSIX attributes. Cheers, John -- John Beranek To generalise is to be an idiot. http://redux.org.uk/ -- William Blake _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
