I was not aware ZFS could do a uid mapping. If you understand what it is doing then
perhaps you can configure sssd to use the same scheme. I have not used that feature either
since we decided on our mapping over 6 years ago. I think it makes sense to use AD to
store all the password file fields in AD. Not everybody has the luxury of cooperative AD
administrators, so I understand others having to work around it. A SAN is not a fileserver by
itself.
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces(a)lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: Friday, 15 February 2013 1:02 AM
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] migrating from NIS to AD+kerberos
> > I understand that the approach with RID (real ID ??) mapping achieves
> > consistent name mapping across all types of file servers – am I right?
> I'm not sure what you mean by "across all types of file servers" but
> the mapping should be consistent, yes.
We have diverse file servers: Oracle Sun 7000 (ZFS), Ubuntu server (in
test NFS4+sssd), SAN.
For example, the ZFS mapping algorithm (using the Windows SID) is not the
same as the client's with sssd-ad, so we do not get the same user on both ends.
If we would like to have common storage for all possible clients (linux,
mac, win), to give a user access to the same files simultaneously, we need
to have a common and unique mapping between Windows SID and Unix uid/gid.
In my understanding we can achieve it only if POSIX uid/gid are built
from the Windows SID.
Only then do we get the same uid on the file server from a Windows client
and a Linux client.
Maybe I am wrong - please, enlighten me.
Longina
> > But maybe in sssd context it doesn’t make sense – as Ondrej points out.
> >
> > Ondrej, if you say “sssd can serve automount maps for automounter” –
> > that means sssd can read ldap automounter map, and do it
> > automatically if we define autofs service in [nss] but first
> > automounter has to know about sssd and link to sssd libraries?
> >
See http://jhrozek.livejournal.com/2500.html for example.
> Alternatively, now we have to convert NIS auto.home maps to ldap
> format, and load them to AD (???), then reconfigure automounter to
> ask AD for entry instead of NIS.
> By the way, how do I find what class/attributes I want in AD-ldap for
> autofs?
>
> Longina
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users