Ed, That sounds like an excellent plan. Every major NAS vendor (I work for one) supports LDAP authentication. Even against AD domain controllers.
(I'm a Linux engineer, not a storage engineer -- so I don't know the details of the NAS LDAP auth, only that it's fully supported and used here internally on the NAS mgmt heads.) Are you doing NFSv3 or NFSv4? I believe that NFSv4 bases file/dir access on 'user@domain', not UIDs. NFSv3 uses traditional UIDs/GIDs. I'm guessing you're doing NFSv3. (We do NFSv3 from the NAS shares onto our Linux servers whenever possible ourselves. We do NFSv4 only when one of the new NFSv4 features is required.) Spike On Wed, May 4, 2022 at 5:21 PM <[email protected]> wrote: > Thanks Spike! > > It looks like extending the AD to cater for UIDs and GIDs is the most > supported and least effort change to allow us to use any NAS. > > If we get approval, we'll likely come up with a system to populate these > values in the AD from an existing SSSD Linux client so that they match, > then we can transition all other Linux clients over from using the SSSD > mapping algorithm to using these values from AD. > > > Ed > > > 4 May 2022 12:26:01 am Spike White <[email protected]>: > > > Ed, > > > > Got this from our AD team: > > > > This MS article contains info regarding RFC 2307 and mentions it being > included in Window 2003 and later. Hopefully, this helps. > > > > > https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/213f515b-9cf2-43e8-b6c8-47b13cd61281 > > > > We are currently up to schema version 88 (Windows 2019). > > > > Spike > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
