On Solaris I get good id mapping, on Linux not. Why?
I use an Active Directory server for authentication. Solaris works fine following this Howto.
Everything works, and my user "user1" gets the right UID assigned
on Windows AD, which is 10000.
On Linux I follow this howto and I can join the AD. The user works, but the id is totally different: not 10000 but
"uid=744201108". How do I get the correct UID on Linux?
This is my sssd:
[sssd]
domains = server.example
config_file_version = 2
services = nss, pam
[domain/server.example]
ad_domain = server.example
krb5_realm = SERVER.EXAMPLE
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = false
fallback_homedir = /home/%u@%d
access_provider = ad
# needed to use correct active directory properties (Windows Server 2003)
ldap_schema = ad
ldap_user_object_class = person
ldap_user_name = msSFU30Name
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_user_gecos = displayName
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_group_gid_number = msSFU30GidNumber
# id
ldap_idmap_autorid_compat = true
linux solaris active-directory sssd
asked 2 days ago
elbarna
2 Answers
accepted
The SSSD docs cover this in some detail. Essentially, by default when SSSD is used to join a new domain, it assigns a block of UIDs designed to be unique to that domain, that override any that AD might have assigned. This allows multiple domains to be used, and ensures that users from all domains get unique UIDs.
This portion of the docs, I think, gives you the info you need. (Basically, set ldap_id_mapping = False, restart SSSD and clear caches.)
answered 2 days ago
clockworknet
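An added illustration (not part of the answer above, and not SSSD's own code) of the per-domain block arithmetic that sssd-ldap(5) documents for ID mapping: the domain SID is hashed with murmurhash3 to pick a slice, and the UID is range start + slice * range size + RID. It assumes the default `ldap_idmap_range_*` values and the hash seed `0xdeadbeef`, and the SID is constructed; under those assumptions the UID from the question, 744201108, splits into slice 3720 and RID 1108.

```python
RANGE_MIN = 200_000          # ldap_idmap_range_min default
RANGE_MAX = 2_000_200_000    # ldap_idmap_range_max default
RANGE_SIZE = 200_000         # ldap_idmap_range_size default
HASH_SEED = 0xDEADBEEF       # assumption: seed used by SSSD's idmap code
M = 0xFFFFFFFF

# Constructed SID for illustration; the real domain SID is not on this page.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1108"


def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & M


def murmur3_32(data, seed):
    """Standard MurmurHash3 (x86, 32-bit) over a byte string."""
    def mix(k):
        return (rotl((k * 0xCC9E2D51) & M, 15) * 0x1B873593) & M

    h, n = seed & M, len(data)
    body = n - n % 4
    for i in range(0, body, 4):
        h ^= mix(int.from_bytes(data[i:i + 4], "little"))
        h = (rotl(h, 13) * 5 + 0xE6546B64) & M
    if n % 4:                      # 1-3 trailing bytes
        h ^= mix(int.from_bytes(data[body:], "little"))
    h ^= n
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & M
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & M
    return h ^ (h >> 16)


def sid_to_uid(sid):
    """Map a full user SID to the UID that ID mapping would generate."""
    domain_sid, rid = sid.rsplit("-", 1)
    rid = int(rid)
    if rid >= RANGE_SIZE:
        raise ValueError("RID does not fit into one slice")
    slices = (RANGE_MAX - RANGE_MIN) // RANGE_SIZE
    slice_no = murmur3_32(domain_sid.encode(), HASH_SEED) % slices
    return RANGE_MIN + slice_no * RANGE_SIZE + rid


def split_uid(uid):
    """Reverse step: return (slice number, RID) for a mapped UID."""
    if not RANGE_MIN <= uid < RANGE_MAX:
        raise ValueError("UID is outside the ID-mapping range")
    return divmod(uid - RANGE_MIN, RANGE_SIZE)


if __name__ == "__main__":
    print(split_uid(744201108))
    print(sid_to_uid(SAMPLE_SID))
```

A UID of 10000, as stored in AD, lies below the assumed range start, so it can only come from the directory attribute, not from this mapping.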
Alternative solution: using this sssd.conf works perfectly; it is based on the ldapclient settings of Solaris.
[sssd]
domains = server.example
config_file_version = 2
services = nss, pam
[domain/server.example]
ad_domain = server.example
krb5_realm = SERVER.EXAMPLE
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /bin/bash
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
min_id = 10000
max_id = 20000
override_homedir = /home/%u
access_provider = ldap
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://windowserver.example.domain
ldap_search_base = dc=server,dc=example
ldap_default_bind_dn = cn=proxyldap,cn=Users,dc=server,dc=example
ldap_default_authtok_type = password
ldap_default_authtok = *********YOURPASSHERE*****
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_schema = rfc2307bis
ldap_user_principal = userPrincipalName
ldap_user_fullname = displayName
ldap_user_name = sAMAccountName
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_group_object_class = group
ldap_force_upper_case_realm = true
ldap_group_uuid = objectGUID
ldap_user_uuid = objectGUID
ldap_user_gid_number = gidNumber
ldap_user_uid_number = uidNumber
answered 2 days ago
elbarna
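A small checker for the two sssd.conf variants on this page, added here as an example (not the posters' or the SSSD project's code): it flags POSIX attribute mappings that are ignored because ID mapping is on, as in the question, and a proxy bind password sent over `ldap://` without StartTLS, as in the alternative config. The finding names and the embedded excerpts are constructed, and unset options are assumed to take the defaults noted in the comments.

```python
import configparser

# Constructed excerpts of the two sssd.conf files shown on this page.
QUESTION_CONF = """
[domain/server.example]
id_provider = ad
ldap_id_mapping = True
fallback_homedir = /home/%u@%d
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
"""

ANSWER_CONF = """
[domain/server.example]
id_provider = ldap
ldap_uri = ldap://windowserver.example.domain
ldap_default_bind_dn = cn=proxyldap,cn=Users,dc=server,dc=example
ldap_default_authtok_type = password
ldap_default_authtok = CONSTRUCTED-PLACEHOLDER
ldap_id_use_start_tls = False
ldap_user_uid_number = uidNumber
"""


def is_true(section, key, default):
    return section.get(key, default).strip().lower() == "true"


def audit(text):
    """Return a sorted list of (domain section, finding) tuples."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %u / %d literal
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        s = cp[name]
        provider = s.get("id_provider", "").strip().lower()
        # Assumed defaults: ID mapping is on for the ad provider, off for ldap.
        mapping = is_true(s, "ldap_id_mapping",
                          "true" if provider == "ad" else "false")
        has_posix = "ldap_user_uid_number" in s or "ldap_user_gid_number" in s
        if mapping and has_posix:
            # uidNumber/gidNumber from the directory are not used.
            findings.append((name, "posix-attrs-ignored"))
        uris = [u.strip().lower() for u in s.get("ldap_uri", "").split(",")]
        plain_uri = any(u.startswith("ldap://") for u in uris)
        simple_bind = "ldap_default_bind_dn" in s and "ldap_sasl_mech" not in s
        # Assumed default: StartTLS is off unless ldap_id_use_start_tls is true.
        start_tls = is_true(s, "ldap_id_use_start_tls", "false")
        if simple_bind and plain_uri and not start_tls:
            # The bind DN password crosses the network unencrypted.
            findings.append((name, "cleartext-bind"))
    return sorted(findings)


if __name__ == "__main__":
    print(audit(QUESTION_CONF))
    print(audit(ANSWER_CONF))
```

For the second finding, an `ldaps://` URI or `ldap_id_use_start_tls = True`, with the CA certificate available under `ldap_tls_cacertdir`, keeps the bind password from crossing the network in cleartext.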