[CentOS] Centos+AD integration (uid/gid problems)
Ray Van Dolson
rayvd at bludgeon.org
Tue Mar 29 19:27:11 UTC 2011
On Tue, Mar 29, 2011 at 01:37:38PM -0500, Les Mikesell wrote:
> On 3/29/2011 1:29 PM, Ray Van Dolson wrote:
> >> If you use something like Centrify Express or Likewise Open, the
> >> UID/GIDs are calculated the same way every time on every system that
> >> uses the software so it makes, IMO, setup& management a lot easier.
> >> Chris
> > I can vouch for Likewise Open just working. However, it too is based
> > on Samba and based on the OP's information, he should be able to
> > achieve deterministic UID/GID numbers across his system with standard
> > OS packages only if that is his goal.
> > That said, if you have a variety of platforms and OS'es to support,
> > Likewise is a great option... (never tried Centrify)
> Do either/both of these let you add accounts for the Linux side that
> don't propagate back to AD? I'd like something to use in a lab so
> existing users/passwords didn't take extra work but we could still add
> accounts that don't exist (and we don't want) in AD. Easy hooks for
> apache and java web services to see the combined accounts would be a big
My understanding is you'd have to rely on local accounts or a second
centralized authentication source (probably done via NSS not via
Maybe allowing the accounts to float back to AD but somehow restricting
them for Unix login use only...
(We have a long-standing project to migrate off NIS to AD-only --
preserving UID's/GID's and defining the sort of access requirements you
describe is a bit of a challenge).
More information about the CentOS