On Wed, 19 Jul 2017, Jelle de Jong wrote:
> The problem is I am at a customer that has an old Windows 2008 AD server with
> Unix tools and the uidNumber, gidNumber, unixHomeDirectory and loginShell
> need to be used, so that my nfs shares have the correct mapping.

That's fine.

> [sssd]
> services = autofs

Do you really only want autofs?

> [autofs]
>
> I have no idea how to get my user authentication working with the correct
> uidNumber, gidNumber mapping.
>
> Can somebody maybe help?

My advice would be:
Stop using the ldap provider.
Use the ad provider, and join your machines to the domain and use GSSAPI auth.
No need to do anything with TLS, auth will just work.
ldap_id_mapping = False
Point it specifically at whatever attributes you need to, e.g.
ldap_user_uid_number = msSFU30UidNumber
jh
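
The advice in this reply, written out as a complete `sssd.conf` (an added example, not part of the original message or the poster's actual configuration). The domain name `example.com` and realm `EXAMPLE.COM` are placeholders, and the attribute names are the ones mentioned in the thread; it assumes the machine has already been joined to the domain so a host keytab exists.

```ini
# /etc/sssd/sssd.conf
# sssd requires this file to be owned by root with mode 0600.
# Constructed example: example.com / EXAMPLE.COM are placeholders.

[sssd]
# nss and pam are needed for user lookups and logins;
# autofs on its own only serves automount maps.
services = nss, pam, autofs
domains = example.com

[domain/example.com]
# AD provider: identity, authentication and access control go over
# Kerberos/GSSAPI using the machine account from the domain join,
# so no separate LDAP bind password or TLS setup is configured here.
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM

# Use the POSIX attributes stored in AD instead of deriving
# UIDs/GIDs algorithmically from the Windows SID.
ldap_id_mapping = False

# Attribute names as listed in the original question. These only
# need to be set explicitly when they differ from what the provider
# uses by default.
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_gid_number = gidNumber

# If the directory populates the older Services for Unix attributes
# instead, point at those, as in the reply above, e.g.:
# ldap_user_uid_number = msSFU30UidNumber
```

After restarting sssd, `getent passwd` and `id` for a domain user should return the uidNumber and gidNumber stored in AD, which is what the NFS ownership mapping depends on.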