James, Let me see if I understand your statement. Suppose my desired UID for admspike_white is 1234. So using POSIX attributes, you had assigned uidNumber == 1234 and gidNumber == 1234 on the user account admspike_white in AD. For each user you had done this.
But you had not do the step further and created an actual group object with name 'admspike_white' and gidNumber == 1234. If that's correct, to my mind: 1. without auto_private_groups, your user's account reference to gidNumber == 1234 is a "dangling reference". A reference to a group object that does not exist in your AD deployment. 2. with auto_private_groups, sssd takes the uidNumber (of 1234), invents the fiction of a group with the same name and gidNumber of 1234. id admspike_white reports this fiction as the primary group. In this case, the gidNumber == 1234 would be ignored by sssd (except it'd be reported as one of the supplemental groups in the 'id' command). Do I have this right? Spike On Fri, Oct 4, 2019 at 11:17 AM Goetz, Patrick G <pgo...@math.utexas.edu> wrote: > > > On 10/4/19 8:21 AM, James Cassell wrote: > > We had previously assigned POSIX attributes to all users in AD. We > assigned a uidNumber to each user and also a gidNumber that is the same > number as the uidNumber for each given user. > > Wait, you did this in AD? How? I thought all the SIDs need to be > unique because everything in AD is in a single namespace. > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org