[Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.
Rob Crittenden
rcritten at redhat.com
Wed Apr 16 22:12:06 UTC 2014
Fredy Sanchez wrote:
> Hi Simo,
>
> Thanks for your reply. Good old Google pointed me to
> https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/open-ldap_bind_script/Mac_OpenLDAP_bind_script.sh,
> which gave me the idea of
> updating the RealName mapping to displayName. This solved the problem,
> I'll have to recreate the permissions for every share, but the user
> names now show up, and stick. No more UIDs.
Great. Any chance you can write something and post a howto on our wiki?
Or send the details to me and I'll write something up?
thanks
rob
>
>
> On Tue, Apr 15, 2014 at 9:30 AM, Simo Sorce <simo at redhat.com> wrote:
>
> On Fri, 2014-04-11 at 10:37 -0400, Fredy Sanchez wrote:
> > Hi all,
> >
> > We asked this same question at discussions.apple.com, but figured we'd have
> > better luck here. I apologize in advance if this is the wrong forum.
> >
> > We are switching from Synology (DSM 5) to Mavericks server (v3.1.1. running
> > in Mavericks 10.9.2) for File Sharing. We use a FreeIPA (ipa-server.x86_64
> > 3.0.0-37.el6) backend for SSO, and the Mac server seems correctly
> > bound to it. Unfortunately, although we can add usernames to the shares for
> > the initial config, the usernames transform to UIDs after (only for SSO
> > accounts; local accounts are not affected). That is, when we go to edit the
> > permissions for a share, all we see are UIDs. We can always figure out the
> > username from the UID, but this is an extra step we don't want to have.
> > We've tried reinstalling the Mac server app from scratch, re-binding to the
> > FreeIPA backend, changing mappings in Directory Utility (for example,
> > mapping GeneratedUID to uid, which is the username), recreating the shares
> > and permissions, etc. Here are more details about the binding:
> >
> > * The binding happens thru a custom package we created based primarily on
> >   http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8
> > * Sys Prefs, Users & Groups, Login Options show the server bound to the
> >   FreeIPA backend with the green dot
> > * The following mappings are in place in Directory Utility, Services,
> >   LDAPv3, FreeIPA backend
> >
> > Users: inetOrgPerson
> >     AuthenticationAuthority: uid
> >     GeneratedUID: random number in uppercase
> >     HomeDirectory: #/Users/$uid$
> >     NFSHomeDirectory: #/Users/$uid$
> >     OriginalHomeDirectory: #/Users/$uid$
> >     PrimaryGroupID: gidNumber
> >     RealName: cn
> >     RecordName: uid
> >     UniqueID: uidNumber
> >     UserShell: loginShell
> > Groups: posixgroup
> >     PrimaryGroupID: gidNumber
> >     RecordName: cn
> >
> > The search bases are correct
> >
> > * Directory Utility, Directory Editor shows the right info for the users.
> > * $ id $USERNAME shows the right information for the user
> >
> > FreeIPA is working beautifully for our Mac / Linux environment. We provide
> > directory services to about 300 hosts, and 200 employees using it; and
> > haven't had any problems LDAP wise until now. So we think we are missing a
> > mapping here. Any ideas?
>
> Fredy,
> I quickly tried to check for some documentation on how to configure this
> stuff, but found only useless superficial guides on how to find the
> pointy/clicky buttons to push to enable the service.
>
> I am not a Mac expert by a long shot so I cannot help you much here.
>
> Is there any guide available on how to use this service with other LDAP
> servers, like openLDAP or Active Directory ? We can probably draw some
> conclusions from there.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
>
>
> --
> Cheers,
>
> Fredy Sanchez
> IT Manager @ Modernizing Medicine
> (561) 880-2998 x237
> fredy.sanchez at modmed.com <mailto:fredy.sanchez at modmed.com>
>
> *Need IT support?* Visit https://mmit.zendesk.com
> <https://mmit.zendesk.com/>