Hi,

I need to have several EL machines in an AD env. Joining the machines was easier than expected using authconfig, but what happens now is that blahdomain\blahuser gets assigned a different, random ID each time I use a different station. In AD I did specify the UID and GID in the UNIX Attributes tab for blahuser, but it gets totally ignored; so do the other values (for home, shell etc).

Ideally I'd have all the users assigned a static uid and gid from AD and have /home on all machines mounted from NFS; but right now if I log in with blahuser to another machine my $HOME is owned by another random id.

Suggestions? What am I missing? I'm quite a noob with Windows :)

Cheers

On Tue, Mar 29, 2011 at 06:07:46PM +0100, nux at li.nux.ro wrote:
> Hi,
>
> I need to have several EL machines in an AD env.
> Joining the machines was easier than expected using authconfig, but what
> happens now is that blahdomain\blahuser gets assigned a
> different, random ID each time I use a different station.
> In AD I did specify the UID and GID in the UNIX Attributes tab for blahuser,
> but it gets totally ignored; so do the other values (for home, shell etc).
>
> Ideally I'd have all the users assigned a static uid and gid from AD and
> have /home on all machines mounted from NFS; but right now if I log in with
> blahuser to another machine my $HOME is owned by another random id.
>
> Suggestions? What am I missing? I'm quite a noob with Windows :)
>
> Cheers

You might try taking a look at idmap_ad(8) (and the other idmap_* man pages as well). I'm not sure which idmap backend gets used by default (RID?). I did think idmap_rid would result in consistent UID/GID mappings based on the SID assuming you choose the same ranges on each server...

Ray
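
An added illustration (not part of any message in this thread) of the consistency point in the reply above: idmap_rid(8) documents the mapping as ID = RID - BASE_RID + LOW_RANGE_ID, so two hosts agree on a UID only when their configured ranges agree. The SID, host names and ranges are constructed sample values, and base_rid is assumed to be 0.

```python
# Added illustration of the deterministic mapping documented in idmap_rid(8):
#   ID = RID - BASE_RID + LOW_RANGE_ID
# All SIDs, host names and ranges below are constructed sample values.

def sid_rid(sid):
    """Return the RID (last sub-authority) of a textual SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("not a SID: %r" % sid)
    return int(parts[-1])

def rid_to_unix_id(sid, low, high, base_rid=0):
    """Map a SID to a UID/GID; None if the result is outside the host's range."""
    unix_id = sid_rid(sid) - base_rid + low
    return unix_id if low <= unix_id <= high else None

def compare_hosts(sid, host_ranges):
    """Return ({host: id}, consistent) for one SID across several hosts."""
    ids = {host: rid_to_unix_id(sid, lo, hi)
           for host, (lo, hi) in host_ranges.items()}
    values = set(ids.values())
    consistent = len(values) == 1 and None not in values
    return ids, consistent

SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed

# Same idmap range on every workstation: identical UID everywhere.
SAME_RANGES = {"ws1": (10000, 49999), "ws2": (10000, 49999)}
# One workstation configured with a different range: UIDs diverge,
# so files on a shared NFS /home appear owned by a different id.
MIXED_RANGES = {"ws1": (10000, 49999), "ws2": (20000, 59999)}

if __name__ == "__main__":
    for label, ranges in (("same", SAME_RANGES), ("mixed", MIXED_RANGES)):
        ids, ok = compare_hosts(SAMPLE_SID, ranges)
        print(label, ids, "consistent" if ok else "MISMATCH")
```
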
Adam Tauno Williams
2011-Mar-29 17:26 UTC
[CentOS] Centos+AD integration (uid/gid problems)
On Tue, 2011-03-29 at 18:07 +0100, nux at li.nux.ro wrote:
> I need to have several EL machines in an AD env.
> Joining the machines was easier than expected using authconfig, but what
> happens now is that blahdomain\blahuser gets assigned a
> different, random ID each time I use a different station.
> In AD I did specify the UID and GID in the UNIX Attributes tab for blahuser,
> but it gets totally ignored; so do the other values (for home, shell etc).

Do you have UNIX identity management turned on in AD? If so I think you can -

idmap backend = ad
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 300

> Ideally I'd have all the users assigned a static uid and gid from AD and
> have /home on all machines mounted from NFS; but right now if I log in with
> blahuser to another machine my $HOME is owned by another random id.
> Suggestions? What am I missing? I'm quite a noob with Windows :)

This is winbind stuff.