[CentOS] Centos+AD integration (uid/gid problems)

Wed Mar 30 08:35:11 UTC 2011
nux at li.nux.ro <nux at li.nux.ro>

Ray Van Dolson writes:

> On Tue, Mar 29, 2011 at 02:13:13PM -0400, Christopher Hearn wrote:
>> On Mar 29, 2011, at 1:18 PM, Ray Van Dolson wrote:
>> > On Tue, Mar 29, 2011 at 06:07:46PM +0100, nux at li.nux.ro wrote:
>> >> Hi,
>> >> 
>> >> I need to have several EL machines in an AD env. 
>> >> Joining the machines was easier than expected using authconfig, but what 
>> >> happens now is that blahdomain\blahuser gets assigned a 
>> >> different, random ID each time I use a different station.
>> >> In AD I did specify the UID and GID in the UNIX Attributes tab for blahuser, 
>> >> but it gets totally ignored; so do the other values (for home, shell etc).
>> >> 
>> >> Ideally I'd have all the users assigned a static uid and gid from AD and 
>> >> have /home on all machines mounted from NFS; but right now if I log in with 
>> >> blahuser to another machine my $HOME is owned by another random id.
>> >> 
>> >> Sugesstions? What am I missing? I'm quite a noob with Windows :)
>> >> 
>> >> Cheers
>> > 
>> > You might try taking a look at idmap_ad(8) (and the other idmap_* man
>> > pages as well).
>> > 
>> > I'm not sure which idmap backend gets used by default (RID?).  I did
>> > think idmap_rid would result in consistent UID/GID mappings based on
>> > the SID assuming you choose the same ranges on each server...
>> > 
>> > Ray
>> If you use something like Centrify Express or Likewise Open, the
>> UID/GIDs are calculated the same way every time on every system that
>> uses the software so it makes, IMO, setup & management a lot easier.
>> Chris
> I can vouch for Likewise Open just working.  However, it too is based
> on Samba and based on the OP's information, he should be able to
> achieve deterministic UID/GID numbers across his system with standard
> OS packages only if that is his goal.
> That said, if you have a variety of platforms and OS'es to support,
> Likewise is a great option... (never tried Centrify)
> Ray

Thanks for the suggestion, but already tried Likewise (on some ubuntu 
machine though) and didnt work for me, however for my needs authconfig does 
a great job and if I get the UID/GID issue solved I'm all settled.
Following Adam's advice I got the GID from UNIX Attributes respected, so 
I'm getting closer. :-)

Thanks for all the replies!