Hi SSSD Users list, Our AD domain is functional level '03 and it's about time we upgrade. We have a little over twenty CentOS (vers. 5, 6 & 7) development servers which use AD for ssh authentication and shared samba mounts. The best info I found regarding this upgrade's impact on Linux shares & authentication is this article from Centrify [1] which mentions that the smb service might have to be restarted.
I also have not found a working reliable source for the best method to join additional CentOS servers to the domain. Right now we're using a mix of samba and winbind for centos 5/6 [2] and sssd for centos 7 [3]. My ignorance around Kerberos is vast and wonder if/how that might play a role in this. We did notice that with the standard sssd setup, our UID and GIDs were different so we set: --automatic-id-mapping=no and then set the values for each user object manually within ADUC --> Attribute Editor --> gidNumber and uidNumber to match what they reported from a CentOS 6 machine's "id user" command. I'm increasingly anxious about raising the functional level since it is a one-way process with no rollback option. What are the best sources of information for managing AD integration? Thank you! Mike [1] https://community.centrify.com/t5/TechBlog/Basics-Understanding-how-Active-Directory-Functional-Levels/ba-p/22077 [2] https://www.server-world.info/en/note?os=CentOS_6&p=samba&f=7 [3] https://www.server-world.info/en/note?os=CentOS_7&p=realmd
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
