I was not aware zfs could do a uid mapping. If you understand what it is doing then perhaps you can configure sssd to use the same scheme. I have not used that feature either since we decided on our mapping over 6 years ago. I think it makes sense to use AD to store all the password file fields. Not everybody has the luxury of cooperative AD administrators, so I understand others having to work around it. A SAN is not a fileserver by itself.

> -----Original Message-----
> From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
> Sent: Friday, 15 February 2013 1:02 AM
> To: 'End-user discussions about the System Security Services Daemon'
> Subject: Re: [SSSD-users] migrating from NIS to AD+kerberos
>
> >> I understand that the approach with RID (real ID ??) mapping achieves
> >> consistent name mapping across all types of file servers – am I right?
> >
> > I'm not sure what you mean by "across all types of file servers" but the mapping should be consistent, yes.
>
> We have diverse file servers: Oracle Sun 7000 (zfs), Ubuntu server (in test NFS4+sssd), SAN;
>
> For example, the Zfs mapping algorithm (using window-sid) is not the same as the client's with sssd-ad, so
> we do not get the same user on both ends.
>
> If we would like to have common storage for all possible clients (linux, mac, win), to give users access to the same files
> simultaneously - we need to have a common and unique mapping between windows sid and unix uid/gid.
>
> In my understanding we can achieve it only if Posix uid/gid are built from windows sid.
> Only then from a Windows client and a linux client do we get the same uid on the file server.
>
> Maybe I am wrong - please, enlighten me.
>
> Longina
>
> > But maybe in sssd context it doesn’t make sense – as Ondrej points out.
> >
> > Ondrej, if you say “sssd can serve automount maps for automounter” –
> > that means sssd can read ldap automounter map, and do it automatically if we define autofs service in [nss] but first automounter has to know about sssd and link to sssd libraries?
> >
> > See http://jhrozek.livejournal.com/2500.html for example.
> >
> > Alternatively, now we have to convert NIS auto.home maps to ldap
> > format, and load them to AD (???), then reconfigure automounter to ask AD for entry instead of NIS.
> >
> > By the way, how do I find what class/attributes I want in AD-ldap for autofs?
> >
> > Longina

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users