On (19/07/17 16:57), Jelle de Jong wrote:
Hello everybody,
I been trying hard to get sssd to work on a new CentOS 7 workstation.
sssd --version
1.14.0
# working ldapsearch command and output
https://paste.fedoraproject.org/paste/L3Uv8Mg6FMuLlIHXkL5~0Q/raw
The problem is I am at a customer that has an old Windows 2008 AD server with
Unix tools and the uidNumber, gidNumber, unixHomeDirectory and loginShell
need to be used, so that my nfs shares have the correct mapping.
You might check sssd nfs idmap plugin (man sss_rpcidmapd)
But the biggest problem is wrong sssd configuration.
Is there a reason why you cannot join machine to AD
with "realm join". It will use krb5 keytab for connection
to AD instead of certificate. But configuration is much simpler.
LS