[Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

Dmitri Pal dpal at redhat.com
Sun Apr 13 12:50:12 UTC 2014


On 04/11/2014 10:37 AM, Fredy Sanchez wrote:
> Hi all,
>
> We asked this same question at discussions.apple.com 
> <http://discussions.apple.com>, but figured we'd have better luck 
> here. I apologize in advance if this is the wrong forum.
>
> We are switching from Synology (DSM 5) to Mavericks server (v3.1.1. 
> running in Mavericks 10.9.2) for File Sharing. We use a FreeIPA 
> (ipa-server.x86_64 3.0.0-37.el6) backend for SSO, and the Mac 
> server seems correctly bound to it. Unfortunately, although we can add 
> usernames to the shares for the initial config, the usernames 
> transform to UIDs after (only for SSO accounts; local accounts are not 
> affected). That is, when we go to edit the permissions for a share, 
> all we see are UIDs. We can always figure out the username from the 
> UID, but this is an extra step we don't want to have. We've tried 
> reinstalling the Mac server app from scratch, re-binding to the 
> FreeIPA backend, changing mappings in Directory Utility (for example, 
> mapping GeneratedUID to uid, which is the username), recreating the 
> shares and permissions, etc. Here are more details about the binding:
>
> * The binding happens through a custom package we created based primarily 
> on 
> http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8
> * Sys Prefs, Users & Groups, Login Options show the server bound to 
> the FreeIPA backend with the green dot
> * The following mappings are in place in Directory Utility, Services, 
> LDAPv3, FreeIPA backend
> Users: inetOrgPerson
>      AuthenticationAuthority: uid
>      GeneratedUID: random number in uppercase
>      HomeDirectory: #/Users/$uid$
>      NFSHomeDirectory: #/Users/$uid$
>      OriginalHomeDirectory: #/Users/$uid$
>      PrimaryGroupID: gidNumber
>      RealName: cn
>      RecordName: uid
>      UniqueID: uidNumber

I do not have a clue about such a setup, but if the UID shows somewhere it 
should not be, and there is a mapping attribute that can be mapped to 
different unique identifiers and currently points to UID, I would start 
there. Have you tried mapping UniqueID to uid instead of uidNumber?

>      UserShell: loginShell
> Groups: posixgroup
>      PrimaryGroupID: gidNumber
>      RecordName: cn
> The search bases are correct
> * Directory Utility, Directory Editor shows the right info for the users.
> * $ id $USERNAME shows the right information for the user
>
> FreeIPA is working beautifully for our Mac / Linux environment. We 
> provide directory services to about 300 hosts, and 200 employees using 
> it; and haven't had any problems LDAP-wise until now. So we think we 
> are missing a mapping here. Any ideas?
>
> -- 
> Cheers,
>
> Fredy Sanchez
> IT Manager @ Modernizing Medicine
> (561) 880-2998 x237
> fredy.sanchez at modmed.com <mailto:fredy.sanchez at modmed.com>
>
> *Need IT support?* Visit https://mmit.zendesk.com 
> <https://mmit.zendesk.com/>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
