On 22/08/14 14:23, Andre Pitanga wrote:
Hi list-
I'm working on a project using Active Directory 2008 R2 with Identity Management for UNIX service to provide authentication and identity for Linux users via sssd.
Using this setup, is it possible to have the Linux username and group name be the same (e.g. user apache, group apache)?
You cannot have a 'user' object and a 'group' object with the same name, further more, the example you give is a 'local unix' user and should not be put into AD. If you did put them into AD, you would have to remove them from /etc/passwd and if the domain went down for some reason, you would have NO USERS at all.
If you are going to use AD, then I suggest that you do a bit more research, it will not work the way you want it to, this has nothing to do with sssd.
Rowland
I've learned that the sAMAccountName attribute must be unique across the domain but I'm not sure if sssd uses this attribute to "translate" the UID and GID to names in Linux. Hope this makes sense!
Our sssd.conf is:
[sssd] config_file_version = 2 debug_level = 0 domains = example.com services = nss, pam [domain/example.com] id_provider = ad access_provider = ad # We rely on UNIX extended attributes in AD ldap_id_mapping = false enumerate = true
--
Andre Pitanga RHCE 100-077-478 (917) 745-6256 andre.pitanga@redhat.com Red Hat, Inc. Red Hat Consulting
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users