I am having an issue that might be mostly cosmetic but I’ve gotta keep the user complaints down. 🙂
I have a set of servers running CentOS 7.4 and have the requirement to join the servers to an Active Directory domain. The users are defined in the domain with POSIX attributes but there are not groups defined for each user. I joined the domain with
realm join --user=me --membership-software=adcli --computer-name=myhostname EXAMPLE.GOV
/etc/sssd/sssd.conf contains this
[sssd]
domains = example.gov
config_file_version = 2
services = nss, pam
default_domain_suffix = EXAMPLE.GOV

[domain/example.gov]
ad_domain = example.gov
krb5_realm = EXAMPLE.GOV
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_sasl_authid = myhostname$
ldap_id_mapping = False
use_fully_qualified_names = True
fallback_homedir = /home/%u
ldap_user_home_directory = unixHomeDirectory
access_provider = ad
full_name_format = %1$s
override_shell = /bin/bash
So far so good but I do have a problem with getting a group name for myself.
$ id me
uid=123456(me) gid=123456 groups=123456
$ getent passwd me
me:*:123456:123456:Doug:/home/me:/bin/bash
$ getent group me
$
What I want is for getent group me to return 123456. It looks like the sssd configuration options auto_private_groups or magicPrivateGroups (magic_private_groups?) is what I’m looking for but neither option is supported under CentOS 7.
ldap_id_mapping is not an option as these ids are not consistent across all of our platforms. Any suggestions?
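
To measure how widespread the symptom above is, the following script lists every account whose primary GID has no group entry. It is an added example, not part of the original post: the function names and the alice/staff sample lines are constructed, and it assumes input in the colon-separated layout that getent passwd and getent group print.

```shell
#!/bin/sh
# Added example (not from the original post): report accounts whose primary
# GID has no matching entry in the group database.

# orphan_primary_gids PASSWD_FILE GROUP_FILE
# Both files use the colon-separated layout printed by `getent passwd` and
# `getent group`. Prints "user:gid" for every account whose GID is unknown.
orphan_primary_gids() {
    awk -F: '
        # First file (group data): remember every GID that has a group entry.
        # FILENAME is compared instead of NR==FNR so an empty group file works.
        FILENAME == ARGV[1] { if (NF >= 3) gid_seen[$3] = 1; next }
        # Second file (passwd data): field 4 is the primary GID.
        NF >= 4 && !($4 in gid_seen) { print $1 ":" $4 }
    ' "$2" "$1"
}

# check_users USER...
# Live variant: resolves each named user through NSS (and therefore SSSD).
# Named lookups are used because SSSD does not enumerate by default.
check_users() {
    for u in "$@"; do
        gid=$(getent passwd "$u" | cut -d: -f4)
        [ -n "$gid" ] || { echo "$u: no passwd entry" >&2; continue; }
        getent group "$gid" >/dev/null || echo "$u:$gid"
    done
}

# Constructed sample data; the first passwd line is the one shown in the post,
# the alice and staff entries are made up for contrast.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
me:*:123456:123456:Doug:/home/me:/bin/bash
alice:*:123457:5000:Alice:/home/alice:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
staff:*:5000:alice
EOF
    orphan_primary_gids "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo    # prints: me:123456
```

On a joined host, check_users me performs the same check against the live NSS/SSSD lookups.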