Hi All, 

I'm relatively new to SSSD, and this has me stumped. I'm trying to override the 
default GID for all the users on an OEL 7 system. I set override_gid = 100 in 
sssd.conf, but as far as I can tell nothing's happening. Looking into the sssd 
cache, I see:

   dn: name=rice...@ad3.ucdavis.edu,cn=users,cn=ad3.ucdavis.edu,cn=sysdb
   createTimestamp: 1536876547
   fullName: riceboy 
   gecos: riceboy
   gidNumber: 846575921
   name: rice...@ad3.ucdavis.edu
   objectCategory: user
   uidNumber: 190295

When I set auto_private_groups = true, the GID does change:

    dn: name=rice...@ad3.ucdavis.edu,cn=users,cn=ad3.ucdavis.edu,cn=sysdb
    createTimestamp: 1536877117
    fullName: riceboy
    gecos: riceboy
    gidNumber: 190295
    name: rice...@ad3.ucdavis.edu
    objectCategory: user
    uidNumber: 190295

Another data point (not sure if this is related): when I try to override the 
GID on an existing group, the name will change, but the GID will not. (The original 
GID of "Domain Users" is 846575921.)
    [root@tcsnd2 ~]# sss_override group-add "Domain us...@ad3.ucdavis.edu" -n NewName -g 1234567
    SSSD needs to be restarted for the changes to take effect.
    [root@tcsnd2 ~]# systemctl restart sssd
    [root@tcsnd2 ~]# id rice...@ad3.ucdavis.edu
    uid=190295(riceboy) gid=846575921(newname) groups=846575921(newname),1170(status),1061419070(ism-us-systems),1061419998(iet-us-banner),1061419025(ism-us-status),1061419997(iet-us-edrs),1061419993(iet-us-rbds),1061419045(ism-us-ism),1234567(newname),1061419999(iet-us-ansible),1061419046(ism-us-isun-susers),1061419058(ism-us-netbackup),1061419074(ism-us-zenoss)


I'm sure there's something simple I'm missing, any ideas?

 


My sssd.conf file

# SSSD configuration as posted: NSS and PAM responder settings, the [sssd]
# service section, and a single Active Directory backed domain.
[nss]
# root is excluded from SSSD user and group lookups.
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 2

[pam]
reconnection_retries = 3
debug_level = 2

[sssd]
domains = ou.ad3.ucdavis.edu
config_file_version = 2
services = nss, pam, ifp
debug_level = 2

default_domain_suffix = AD3.UCDAVIS.EDU

[domain/ou.ad3.ucdavis.edu]
ad_domain = ou.ad3.ucdavis.edu
krb5_realm = OU.AD3.UCDAVIS.EDU
krb5_auth_timeout = 30
debug_level = 4
# The setting the question is about: meant to replace every user's primary
# GID with 100.
override_gid = 100


# Stores a hash of each user's credentials in the local SSSD cache so that
# logins keep working while the AD servers are unreachable. The cache files
# are sensitive as a result and should stay readable by root only.
cache_credentials = True

id_provider = ad
auth_provider = ad
chpass_provider = ad
# NOTE(review): access_provider is set twice in this section (here as "ad",
# further down as "simple"). Only one value can take effect, presumably the
# later one; confirm which, and delete the other so the access policy is
# unambiguous. With "simple", only the allow list below decides who may log in.
access_provider = ad
# NOTE(review): the filter value below sits on its own line and is not
# commented out. As written it is not a valid "key = value" line; this is
# likely a line-wrap artifact of the mail, so confirm against the real file.
#ad_access_filter = 
(memberOf=CN=IET-US-Unit-PS,OU=US-byOrg,OU=Groups,OU=IET-New,OU=DEPARTMENTS,DC=ou,DC=ad3,DC=ucdavis,DC=edu)

use_fully_qualified_names = True

;;; Must be false for UNIX UIDs to be retrieved from AD3
ldap_id_mapping = false
ldap_schema = ad

# Keeps the password of a user who logged in offline so a Kerberos ticket can
# be requested once the machine is back online. The password is held in
# plaintext in the kernel keyring for that time; enable only if offline
# logins with later ticket acquisition are really required.
krb5_store_password_if_offline = True

# override_shell below applies to every user and takes precedence over
# default_shell, so default_shell has no visible effect in this configuration.
default_shell = /bin/bash
override_homedir = /home/%u
# NOTE(review): /tmp is a shared, world-writable directory. A home directory
# there would place a user's dotfiles and other per-user files in a location
# other local users can write to. override_homedir above presumably makes this
# fallback unused; confirm, and prefer a per-user path if it can ever apply.
fallback_homedir = /tmp/
override_shell = /bin/ksh
#auto_private_groups = true

# Second access_provider assignment in this section (see the note on the first).
access_provider = simple
# Allow list for the simple access provider: only members of these groups may
# log in. The group names are truncated ("...") by the list archive, and the
# value is wrapped onto a second line here; confirm the real file keeps the
# whole list on one line.
simple_allow_groups = ism-us-...@ou.ad3.ucdavis.edu, 
iet-us-ban...@ou.ad3.ucdavis.edu

ignore_group_members = TRUE
ldap_use_tokengroups = True
ldap_group_nesting_level = 0
ldap_groups_use_matching_rule_in_chain = True
ldap_initgroups_use_matching_rule_in_chain = True
full_name_format = %1$s
dyndns_update = false
~                      
     
 Kevin Murakoshi  
 IET Enterprise Student Applications
 
 ksmurako...@ucdavis.edu
 
 (530) 752-0318 (office)
 (530) 219-8188 (cell)
 
 
 
    