Hello all. I am currently working on a new project to configure sssd authentication for Ubuntu clients.
And hello to Lachlan Musicman - did not expect to see you here!

I think this question must be asked many times. So forgive me.
We have an existing set of Unix usernames/uids which are pushed out onto the client workstations via a configuration management system. I.e. there are local /etc/passwd files which are updated when new users join the company.
The uid range is 1000 to 3000.

If we start to use sssd with AD authentication and the AD RID mapping, then different UIDs will be reported.
We do not wish to use the Posix attributes - the whole point is to reduce the manual steps needed when new accounts are created.

So my questions are:

a) Is there any way to map AD RID style UIDs to existing UIDs? (I have tried to search for this.)

b) Other organisations have faced this. Is the only answer a script to chown each user's files if they are transitioned over to AD?


Also a question about pam_mkhomedir. I have used this successfully in the past, on a BeeGFS filesystem where all the clients have read/write access.
If the workstation is an NFS client, then creating a new home directory for a user should not be possible, given that root squash is configured on the NFS share.
Is there a smart way to get pam_mkhomedir to work on an NFS client system?
Or perhaps the user needs to log into the NFS server system one time only (assuming logins are encouraged directly to servers like that anyway).

Thanks for any thoughts and insights.
John Hearns
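
The chown-script option raised in question (b), sketched as an added example that is not part of the original post: it plans the ownership changes first so they can be reviewed, then applies them with lchown. The function names and the UID 201105 are constructed for illustration; a real old-to-new UID map would come from comparing /etc/passwd with what sssd reports.

```python
import os
import stat

def plan_reowner(root, uid_map, gid_map=None):
    """List (path, new_uid, new_gid, had_setid) for entries owned by a mapped ID.

    uid_map / gid_map: {old_id: new_id}. -1 means "leave unchanged" for lchown.
    """
    gid_map = gid_map or {}
    root_dev = os.lstat(root).st_dev
    plan = []

    def consider(path):
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        new_uid = uid_map.get(st.st_uid, -1)
        new_gid = gid_map.get(st.st_gid, -1)
        if new_uid == -1 and new_gid == -1:
            return
        # Changing ownership can drop setuid/setgid bits on regular files,
        # so flag those entries for manual review instead of restoring blindly.
        had_setid = bool(stat.S_ISREG(st.st_mode)
                         and st.st_mode & (stat.S_ISUID | stat.S_ISGID))
        plan.append((path, new_uid, new_gid, had_setid))

    consider(root)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        # Stay on one filesystem: skip nested mounts (e.g. other NFS exports).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in dirnames + filenames:
            consider(os.path.join(dirpath, name))
    return plan

def apply_plan(plan, chown=os.lchown):
    """Apply a reviewed plan. lchown never follows symlinks, so a link planted
    in a home directory cannot redirect the change to a file elsewhere."""
    for path, new_uid, new_gid, _had_setid in plan:
        chown(path, new_uid, new_gid)
    return len(plan)

if __name__ == "__main__":
    # Constructed mapping: local UID 1105 becomes 201105 after the move to AD.
    for entry in plan_reowner("/home/example", {1105: 201105}):
        print(entry)  # dry run: print only, apply_plan() needs root
```

On a root-squashed NFS export the apply step has to run on the file server, since root on a client is mapped to an unprivileged user there.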