Sumit, thankyou. I will look at that tool. On 19 April 2018 at 17:11, Sumit Bose <[email protected]> wrote:
> On Thu, Apr 19, 2018 at 02:14:30PM +0200, John Hearns wrote: > > Hello all. I am currently working on a new project to configure sssd > > authentication, for Ubuntu clients. > > And hello to Lachlan Musicman - did not expect to see you here! > > > > I think this question must be asked many times. So forgive me. > > We have an existing set of Unix usernames/uids which are pushed out onto > > the client workstations vi a configuration management system. Ie there > are > > local /etc/passwd files which are updated when new users joint he > company. > > the uid range is 1000 to 3000 > > > > If we start to use sssd with AD authentication and the AD RID mapping, > then > > different UIDs will be reported. > > We do not wish to use the Posix attributes - the whole point is to reduce > > the manual steps needed when new accounts are created. > > > > So my questions are: > > > > a) is there any way to map AD RID style UIDs to existing UIDs (I have > > tried to search for this) > > > > b) other orgnisations have faced this. Is the only answer a script to > > chown each users files if they are transitioned over to AD? > > > > > > Also a question about pam_mkhomedir I have used this successfully in > the > > past, on a BeeGFS filesystem where all the clients have read/write > access. > > If the workstation is an NFS client, then creating a new home directory > for > > a user should not be possible, given that root squash is configured on > the > > NFS share. > > Is there a smart way to get pam_mkhomedir to work on an NFS client > system? > > Or perhaps the user needs to log into the NFS server system one time only > > (assuming logins are encouraged directly to servers like that anyway) > > > > Thanks for any thoughts and insights. > > Maybe https://jhrozek.wordpress.com/2016/02/15/sssd-local-overrides/ is > what you are looking for? > > HTH > > bye, > Sumit > > > John Hearns > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
