Hi All, I'm relatively new to SSSD, and this has me stumped. I'm trying to override the default GID for all the users on a OEL 7 system. I set override_gid = 100 in sssd.conf, but as far as i can tell nothing's happening. Looking into the sssd cache, I see:
dn: name=rice...@ad3.ucdavis.edu,cn=users,cn=ad3.ucdavis.edu,cn=sysdb createTimestamp: 1536876547 fullName: riceboy gecos: riceboy gidNumber: 846575921 name: rice...@ad3.ucdavis.edu objectCategory: user uidNumber: 190295 When I set auto_private_groups = true, the GID does change: dn: name=rice...@ad3.ucdavis.edu,cn=users,cn=ad3.ucdavis.edu,cn=sysdb createTimestamp: 1536877117 fullName: riceboy gecos: riceboy gidNumber: 190295 name: rice...@ad3.ucdavis.edu objectCategory: user uidNumber: 190295 Another data point (not sure if this is related), when I try and override the GID on an existing group, the name will change, but the GID will not. (original GID of "Domain Users" is 846575921) [root@tcsnd2 ~]# sss_override group-add "Domain us...@ad3.ucdavis.edu" -n NewName -g 1234567 SSSD needs to be restarted for the changes to take effect. [root@tcsnd2 ~]# systemctl restart sssd [root@tcsnd2 ~]# id rice...@ad3.ucdavis.edu uid=190295(riceboy) gid=846575921(newname) groups=846575921(newname),1170(status),1061419070(ism-us-systems),1061419998(iet-us-banner),1061419025(ism-us-status),1061419997(iet-us-edrs),1061419993(iet-us- rbds),1061419045(ism-us-ism),1234567(newname),1061419999(iet-us-ansible),1061419046(ism-us-isun-susers),1061419058(ism-us-netbackup),1061419074(ism-us-zenoss) I'm sure there's something simple I'm missing, any ideas? My sssd.conf file [nss] filter_groups = root filter_users = root reconnection_retries = 3 debug_level = 2 [pam] reconnection_retries = 3 debug_level = 2 [sssd] domains = ou.ad3.ucdavis.edu config_file_version = 2 services = nss, pam, ifp debug_level = 2 default_domain_suffix = AD3.UCDAVIS.EDU [domain/ou.ad3.ucdavis.edu] ad_domain = ou.ad3.ucdavis.edu krb5_realm = OU.AD3.UCDAVIS.EDU krb5_auth_timeout = 30 debug_level = 4 override_gid = 100 cache_credentials = True id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad #ad_access_filter = (memberOf=CN=IET-US-Unit-PS,OU=US-byOrg,OU=Groups,OU=IET-New,OU=DEPARTMENTS,DC=ou,DC=ad3,DC=ucdavis,DC=edu) use_fully_qualified_names = True ;;; Must be false for UNIX UIDs to be retrieved from AD3 ldap_id_mapping = false ldap_schema = ad krb5_store_password_if_offline = True default_shell = /bin/bash override_homedir = /home/%u fallback_homedir = /tmp/ override_shell = /bin/ksh #auto_private_groups = true access_provider = simple simple_allow_groups = ism-us-...@ou.ad3.ucdavis.edu, iet-us-ban...@ou.ad3.ucdavis.edu ignore_group_members = TRUE ldap_use_tokengroups = True ldap_group_nesting_level = 0 ldap_groups_use_matching_rule_in_chain = True ldap_initgroups_use_matching_rule_in_chain = True full_name_format = %1$s dyndns_update = false ~ Kevin Murakoshi IET Enterprise Student Applications ksmurako...@ucdavis.edu (530) 752-0318 (office) (530) 219-8188 (cell) _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org