2012/8/10 Gordon Ross <gordon.w.r...@gmail.com>:
> On Tue, Aug 7, 2012 at 9:25 AM, James Relph <ja...@themacplace.co.uk> wrote:
>>> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both
>>> allowing AD users to login (netatalk 3 via PAM). One thing that's a bit
>>> puzzling is that the afpd process correctly gets the correct username
>>> mapping (and shows up as being owned by the correct user with a ps
>>> listing), but whatever the user writes is only written as UID 60001 (ie.
>>> nobody).
>>
>> Update time; after a further dig I assume that the reason the UID isn't
>> being written to the filesystem is due to this (from the idmap man page):
>>
>> "To prevent aliasing problems, all file systems, archive and backup
>> formats, and protocols must store SIDs or map all UIDs and GIDs in the
>> 2^31 to 2^32 - 2 range to the nobody user and group."
>>
>> So, the question becomes, is it possible to get OpenIndiana to store the
>> SIDs for users, and if not, why will it store the GID as correctly mapped,
>> but the UID is translated to 60001? I can get around this with static maps,
>> but obviously that's not ideal based on duplicating the AD user listing (can
>> be scripted at least).
>>
>> What's even weirder is that the CIFS server happily stores the UID in the
>> filesystem even if the ephemerally mapped UID is in the 2^31 to 2^32 range.
>>
>> Very, very odd.
>>
>> Any insight gratefully appreciated!
>>
>> James.
>
> If you setup idmap to use IDMU, then you'll get the UID/GID values
> provided by AD, which are presumably the same values your other LDAP
> clients will get from AD. :)

<http://wiki.openindiana.org/oi/Active+Directory+Integration>

-f
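
An added example, not part of the original messages: a small audit that flags files showing the symptom described in the thread (owner stored as UID 60001 while the group is still mapped) and files that carry an ID from the 2^31 to 2^32 - 2 range quoted from the idmap man page. The function names and the sample records are constructed for illustration; pass a directory as the first argument to scan a real tree.

```python
import os
import sys

# Values taken from the thread: the range quoted from the idmap man page
# and the UID the poster saw on disk.
EPHEMERAL_MIN = 2**31
EPHEMERAL_MAX = 2**32 - 2
NOBODY_ID = 60001

def classify(id_value):
    """Label a numeric UID or GID as 'nobody', 'ephemeral' or 'persistent'."""
    if id_value == NOBODY_ID:
        return "nobody"
    if EPHEMERAL_MIN <= id_value <= EPHEMERAL_MAX:
        return "ephemeral"
    return "persistent"

def audit(entries):
    """entries: iterable of (path, uid, gid). Return records worth reviewing."""
    findings = []
    for path, uid, gid in entries:
        owner, group = classify(uid), classify(gid)
        if owner == "nobody" and group != "nobody":
            # Symptom from the thread: owner collapsed to nobody, group kept.
            findings.append((path, "owner-collapsed", uid, gid))
        elif "ephemeral" in (owner, group):
            # An ID from the dynamically allocated range was stored as-is.
            findings.append((path, "ephemeral-on-disk", uid, gid))
    return findings

def walk(root):
    """Yield (path, uid, gid) for every file and directory under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            yield path, st.st_uid, st.st_gid

# Constructed sample records (hypothetical paths and IDs, not from the thread).
SAMPLE = [
    ("/tank/share/afp-written.doc", 60001, 2147483650),
    ("/tank/share/cifs-written.doc", 2147483649, 2147483650),
    ("/tank/share/local-user.txt", 1001, 100),
    ("/tank/share/anonymous.txt", 60001, 60001),
]

if __name__ == "__main__":
    records = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, reason, uid, gid in audit(records):
        print(f"{reason:18} uid={uid} gid={gid} {path}")
```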