[gpfsug-discuss] Question concerning integration of CES with AD authentication system
Skylar Thompson
skylar2 at uw.edu
Thu May 24 15:51:09 BST 2018
On Thu, May 24, 2018 at 03:46:32PM +0100, Jonathan Buzzard wrote:
> On Thu, 2018-05-24 at 14:16 +0000, Skylar Thompson wrote:
> > I haven't needed to change the LDAP attributes that CES uses, but I
> > do see --user-id-attrib in the mmuserauth documentation.
> > Unfortunately, I don't see an equivalent one for gidNumber.
> >
>
> Is it not doing the "Samba thing" where your GID is the GID of your
> primary Active Directory group? This is usually "Domain Users" but not
> always.
>
> Basically Samba ignores the separate GID field in RFC2307bis, so one
> imagines the options for changing the LDAP attributes are none
> existent.
>
> I know back in the day this had me stumped for a while because unless
> you assign a GID number to the users primary group then Winbind does
> not return anything, aka a "getent passwd" on the user fails.
At least for us, it seems to be using the gidNumber attribute of our users.
On the back-end, of course, it is Samba, but I don't know that there are
mm* commands available for all of the tunables one can set in smb.conf.
--
-- Skylar Thompson (skylar2 at u.washington.edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine
More information about the gpfsug-discuss
mailing list