[Freeipa-users] Active Directory Integration and limitations

Alexander Bokovoy abokovoy at redhat.com
Tue Nov 24 15:07:45 UTC 2015


On Tue, 24 Nov 2015, Domineaux Philippe wrote:
>So it seems that for a native IPA user (in my case testipa), the uid is
>returned, but for an AD user it returns zero.
>The result is that when I am logged on to a workstation using an AD account I
>see NFS shares with nobody attributes.
Show your nfsidmap configuration, /etc/idmapd.conf. Are you using the SSSD plugin for translation?

[Translation]
Method = sss
GSS-Methods = sss

>>Specifically you may want to *not* try to consult LDAP from idmap, but
>> use a regex to transform the windows realm from upper case to lowercase
>> and then just use the getpwnam interface.
>>
>>
>As you can see in my krb5.conf there is already a regex for the IPA realm:
>
>auth_to_local = RULE:[1:$1@$0](^.*@WINDOMAIN.LOCAL$)s/@WINDOMAIN.LOCAL/@windomain.local/
This is irrelevant for nfsidmap.

-- 
/ Alexander Bokovoy