Re: Linux AD Integration with consistent UID and GID
On Fri, Aug 31, 2012 at 4:10 PM, Robert Freeman-Day <email@example.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I have some chicken scratches on consistent UID/GID mapping with
> idmap_hash, which takes the Windows SID (Security ID) and makes a
> Linux readable hash. This works if your AD people have not/will
> not/messed up implementation the schema extensions for UID/GID.
Thanks for the thought. I didn't start the thread, *I* don't need it.
I've got varous means to publish consistent UID/GID/expired account
information across domains, particularly with read-only source
controlled environments, and deploying them to only those hosts they
belong on. I might find puppet or its like to be easier, but am
unlikely to need that for a while. I generally want to really restrict
the list of available accounts for Linux environment, not activating
all the members of AD, but like to use the built-in Kerberos of AD to
play well, which is relatively easy.
> Check it out to see if it works for you: