On Thu, Apr 19, 2018 at 02:14:30PM +0200, John Hearns wrote:
> Hello all. I am currently working on a new project to configure sssd
> authentication, for Ubuntu clients.
> And hello to Lachlan Musicman - did not expect to see you here!
>
> I think this question must be asked many times. So forgive me.
> We have an existing set of Unix usernames/uids which are pushed out onto
> the client workstations via a configuration management system. I.e. there are
> local /etc/passwd files which are updated when new users join the company.
> The uid range is 1000 to 3000.
>
> If we start to use sssd with AD authentication and the AD RID mapping, then
> different UIDs will be reported.
> We do not wish to use the Posix attributes - the whole point is to reduce
> the manual steps needed when new accounts are created.
>
> So my questions are:
>
> a) is there any way to map AD RID style UIDs to existing UIDs (I have
> tried to search for this)
>
> b) other organisations have faced this. Is the only answer a script to
> chown each user's files if they are transitioned over to AD?
>
>
> Also a question about pam_mkhomedir. I have used this successfully in the
> past, on a BeeGFS filesystem where all the clients have read/write access.
> If the workstation is an NFS client, then creating a new home directory for
> a user should not be possible, given that root squash is configured on the
> NFS share.
> Is there a smart way to get pam_mkhomedir to work on an NFS client system?
> Or perhaps the user needs to log into the NFS server system one time only
> (assuming logins are encouraged directly to servers like that anyway)
>
> Thanks for any thoughts and insights.

Maybe https://jhrozek.wordpress.com/2016/02/15/sssd-local-overrides/ is what you are looking for?

HTH

bye,
Sumit

> John Hearns
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
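
The local-overrides approach from the linked post, applied to the situation in the question, as an added example that is not part of the thread or of sssd itself: it reads a passwd-format file and prints one `sss_override user-add` command per account in the 1000 to 3000 range, so each AD user keeps the UID that already owns their files. It assumes AD login names equal the local names; the domain `ad.example.com` and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Emits "sss_override user-add" commands
# that pin each AD user to the UID already recorded in a local passwd file.
# Assumptions: AD login names equal the local names; the domain and the
# accounts below are constructed sample values.
UID_MIN=1000   # existing local uid range given in the question
UID_MAX=3000

# gen_overrides PASSWD_FILE AD_DOMAIN -> commands on stdout, warnings on stderr
gen_overrides() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" -v dom="$2" '
        function warn(msg) { print "skip: " msg | "cat >&2" }
        /^[ \t]*(#|$)/               { next }   # comments and blank lines
        NF != 7                      { warn("malformed line " NR); next }
        $3 !~ /^[0-9]+$/             { warn($1 " has non-numeric uid"); next }
        $3 + 0 < min || $3 + 0 > max { next }   # system and out-of-range accounts
        # Only plain names are emitted, so the output is safe to paste into a shell.
        $1 !~ /^[a-z_][a-z0-9_.-]*$/ { warn("unsafe name on line " NR); next }
        # Two names on one uid would make two AD users share file ownership.
        seen[$3]++                   { warn($1 " reuses uid " $3); next }
        { printf "sss_override user-add %s@%s -u %s\n", $1, dom, $3 }
    ' "$1"
}

# demo: run gen_overrides over a constructed passwd sample
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
bob2:x:1002:1002:Duplicate uid:/home/bob2:/bin/bash
svc:x:3500:3500::/srv:/usr/sbin/nologin
EOF
    gen_overrides "$tmp" ad.example.com
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo
```

Review the generated commands before running them as root on a client; sssd has to be restarted after the first override is created.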
