認証にActive Directoryサーバーを使用しており、次のようにSolarisが正常に動作します。どのように。
すべてがうまくいきます。私のユーザー "user1"にWindows ADの正しいUID 10000が割り当てられました。
Linuxではこれに従いますどのようにAD..user操作に参加できますが、..idは10000ではなく「uid = 744201108」とはまったく異なります。 Linuxで正しいuidを取得する方法は?これは私のSSDです。
[sssd]
domains = server.example
config_file_version = 2
services = nss, pam
[domain/server.example]
ad_domain = server.example
krb5_realm = SERVER.EXAMPLE
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = false
fallback_homedir = /home/%u@%d
access_provider = ad
# needed to use correct active directory properties (Windows Server 2003)
ldap_schema = ad
ldap_user_object_class = person
ldap_user_name = msSFU30Name
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_user_gecos = displayName
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_group_gid_number = msSFU30GidNumber
# id
ldap_idmap_autorid_compat = true
答え1
答え2
代替ソリューションは、Solarisベースのldapclient設定と完全に機能するこのsssd.confを使用することです。
[sssd]
domains = server.example
config_file_version = 2
services = nss, pam
[domain/server.example]
ad_domain = server.example
krb5_realm = SERVER.EXAMPLE
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /bin/bash
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
min_id = 10000
max_id = 20000
override_homedir = /home/%u
access_provider = ldap
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://windowserver.example.domain
ldap_search_base = dc=server,dc=example
ldap_default_bind_dn = cn=proxyldap,cn=Users,dc=server,dc=example
ldap_default_authtok_type = password
ldap_default_authtok = *********YOURPASSHERE*****
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_schema = rfc2307bis
ldap_user_principal = userPrincipalName
ldap_user_fullname = displayName
ldap_user_name = sAMAccountName
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_group_object_class = group
ldap_force_upper_case_realm = true
ldap_group_uuid = objectGUID
ldap_user_uuid = objectGUID
ldap_user_gid_number = gidNumber
ldap_user_uid_number = uidNumber