[Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.
Dmitri Pal
dpal at redhat.com
Sun Apr 13 12:50:12 UTC 2014
On 04/11/2014 10:37 AM, Fredy Sanchez wrote:
> Hi all,
>
> We asked this same question at discussions.apple.com
> <http://discussions.apple.com>, but figured we'd have better luck
> here. I apologize in advance if this is the wrong forum.
>
> We are switching from Synology (DSM 5) to Mavericks server (v3.1.1
> running in Mavericks 10.9.2) for File Sharing. We use a FreeIPA
> (ipa-server.x86_64 3.0.0-37.el6) backend for SSO, and the Mac
> server seems correctly bound to it. Unfortunately, although we can add
> usernames to the shares for the initial config, the usernames
> transform to UIDs after (only for SSO accounts; local accounts are not
> affected). That is, when we go to edit the permissions for a share,
> all we see are UIDs. We can always figure out the username from the
> UID, but this is an extra step we don't want to have. We've tried
> reinstalling the Mac server app from scratch, re-binding to the
> FreeIPA backend, changing mappings in Directory Utility (for example,
> mapping GeneratedUID to uid, which is the username), recreating the
> shares and permissions, etc. Here are more details about the binding:
>
> * The binding happens thru a custom package we created based primarily
> on
> http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8
> * Sys Prefs, Users & Groups, Login Options show the server bound to
> the FreeIPA backend with the green dot
> * The following mappings are in place in Directory Utility, Services,
> LDAPv3, FreeIPA backend
> Users: inetOrgPerson
> AuthenticationAuthority: uid
> GeneratedUID: random number in uppercase
> HomeDirectory: #/Users/$uid$
> NFSHomeDirectory: #/Users/$uid$
> OriginalHomeDirectory: #/Users/$uid$
> PrimaryGroupID: gidNumber
> RealName: cn
> RecordName: uid
> UniqueID: uidNumber
I do not have a clue about such a setup, but if the UID shows somewhere it
should not be, and there is a mapping attribute that can be mapped to
different unique identifiers and currently points to UID, I would start
there. Have you tried mapping UniqueID to uid instead of uidNumber?
> UserShell: loginShell
> Groups: posixgroup
> PrimaryGroupID: gidNumber
> RecordName: cn
> The search bases are correct
> * Directory Utility, Directory Editor shows the right info for the users.
> * $ id $USERNAME shows the right information for the user
>
> FreeIPA is working beautifully for our Mac / Linux environment. We
> provide directory services to about 300 hosts, and 200 employees using
> it; and haven't had any problems LDAP-wise until now. So we think we
> are missing a mapping here. Any ideas?
>
> --
> Cheers,
>
> Fredy Sanchez
> IT Manager @ Modernizing Medicine
> (561) 880-2998 x237
> fredy.sanchez at modmed.com <mailto:fredy.sanchez at modmed.com>
>
> *Need IT support?* Visit https://mmit.zendesk.com
> <https://mmit.zendesk.com/>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.