<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:9pt" ><div dir="ltr" ><div><br><font size="2" face="Default Monospace,Courier New,Courier,monospace" >> Basically Samba ignores the separate GID field in RFC2307bis, so one<br>> imagines the options for changing the LDAP attributes are none<br>> existent.</font></div>
<div> </div>
<div>mmuserauth now has an option to use either the gid from the actual primary<br>group or the gid defined for the user. See:</div>
<div> </div>
<div><a href="https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/com.ibm.spectrum.scale.v5r00.doc/bl1adm_mmuserauth.htm">https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/com.ibm.spectrum.scale.v5r00.doc/bl1adm_mmuserauth.htm</a></div>
<div> </div>
<div>--unixmap-domains unixDomainMap<br>[...]<br> win: Specifies the system to read the primary group set as Windows primary group of a user on the Active Directory.</div>
<div> unix: Specifies the system to read the primary group as set in "UNIX attributes" of a user on the Active Directory. <br> For example,<br> --unixmap-domains "MYDOMAIN1(20000-50000:unix);MYDOMAIN2(100000-200000:win)"</div>
<div>This gets mapped to 'idmap config ... : unix_primary_group' in the<br>internal config.</div></div>
<div dir="ltr" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" ><br><span style="font-size:0.857em;" ><span style="font-family: Verdana,Geneva,sans-serif;" >Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ<br>christof.schmitt@us.ibm.com || +1-520-799-2469 (T/L: 321-2469)</span></span></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" data-history-expanded="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Jonathan Buzzard <jonathan.buzzard@strath.ac.uk><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: Re: [gpfsug-discuss] Question concerning integration of CES with AD authentication system<br>Date: Thu, May 24, 2018 7:50 AM<br>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >On Thu, 2018-05-24 at 14:16 +0000, Skylar Thompson wrote:<br>> I haven't needed to change the LDAP attributes that CES uses, but I<br>> do see --user-id-attrib in the mmuserauth documentation.<br>> Unfortunately, I don't see an equivalent one for gidNumber.<br>><br><br>Is it not doing the "Samba thing" where your GID is the GID of your<br>primary Active Directory group? This is usually "Domain Users" but not<br>always.<br><br>Basically Samba ignores the separate GID field in RFC2307bis, so one<br>imagines the options for changing the LDAP attributes are none<br>existent.<br><br>I know back in the day this had me stumped for a while because unless<br>you assign a GID number to the users primary group then Winbind does<br>not return anything, aka a "getent passwd" on the user fails.<br><br>JAB.<br><br>--<br>Jonathan A. Buzzard Tel: +44141-5483420<br>HPC System Administrator, ARCHIE-WeSt.<br>University of Strathclyde, John Anderson Building, Glasgow. G4 0NG<br><br><br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>