[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux AD Integration with consistent UID and GID

On Fri, Aug 31, 2012 at 4:10 PM, Robert Freeman-Day <presgas@gmail.com> wrote:
> Hash: SHA1
> Nico,
> I have some chicken scratches on consistent UID/GID mapping with
> idmap_hash,  which takes the Windows SID (Security ID) and makes a
> Linux readable hash.  This works if your AD people have not/will
> not/messed up implementation the schema extensions for UID/GID.

Thanks for the thought. I didn't start the thread,  *I* don't need it.
I've got varous means to publish consistent UID/GID/expired account
information across domains, particularly with read-only source
controlled environments, and deploying them to only those hosts they
belong on. I might find puppet or its like to be easier, but am
unlikely to need that for a while. I generally want to really restrict
the list of available accounts for Linux environment, not activating
all the members of AD, but like to use the built-in Kerberos of AD to
play well, which is relatively easy.

> Check it out to see if it works for you:
> "https://uisapp2.iu.edu/confluence-prd/display/~rmday/Linux+Integration+with+Active+Directory";

Reply to: