Hi SSSD Users list,

Our AD domain is functional level '03 and it's about time we upgrade. We have a little over twenty CentOS (vers. 5, 6 & 7) development servers which use AD for ssh authentication and shared samba mounts. The best info I found regarding this upgrade's impact on Linux shares & authentication is this article from Centrify [1] which mentions that the smb service might have to be restarted.

I also have not found a working reliable source for the best method to join additional CentOS servers to the domain. Right now we're using a mix of samba and winbind for centos 5/6 [2] and sssd for centos 7 [3]. My ignorance around Kerberos is vast and wonder if/how that might play a role in this.

We did notice that with the standard sssd setup, our UID and GIDs were different so we set: --automatic-id-mapping=no and then set the values for each user object manually within ADUC --> Attribute Editor --> gidNumber and uidNumber to match what they reported from a CentOS 6 machine's "id user" command.

I'm increasingly anxious about raising the functional level since it is a one-way process with no rollback option. What are the best sources of information for managing AD integration?

Thank you! Mike

[1] https://community.centrify.com/t5/TechBlog/Basics-Understanding-how-Active-D... [2] https://www.server-world.info/en/note?os=CentOS_6&p=samba&f=7 [3] https://www.server-world.info/en/note?os=CentOS_7&p=realmd