[ale] Any AD + SSSD expertise?

Chuck Payne terrorpup at gmail.com
Thu Aug 31 14:04:36 EDT 2023


As an IDM Admin, you can't use SSSD with SuSE. You are better off using
Beyond Trust AD Bridge.

On Thu, Aug 31, 2023 at 1:59 PM Allen Beddingfield via Ale <ale at ale.org>
wrote:

> So, we currently have our Linux systems using an old 389 Directory for
> authentication, and have to switch to AD authentication to retire that
> system.  I don't have any say in that matter, so authenticating to AD is
> the mandated solution that I have to get working.  Most of these systems
> are SUSE Linux Enterprise 15, with a few 12.x systems.
> I got the old sssd.conf and nsswitch.conf working for LDAP 10+ years ago,
> and really just haven't looked at it since, as it has worked without any
> issue.  I'm not wanting to go through the process of adding everything to
> AD, doing Kerberos, etc....  so this will be SSSD using AD as an LDAP
> source for authentication.  I've got that part working well.  However, I've
> got one annoyance.  With the LDAP setup, the users would just kind of look
> like local users, in that their primary group would be the local "users"
> group.  (This is SUSE, so all users get the same primary group of "users",
> instead of an individual group that corresponds to their username).
> However, when configured against AD, the users' primary group is "Domain
> Users".  I'm trying to find some way to either duplicate the old behavior,
> or at least have "Domain Users" be something like "adusers" without the
> capital letters and space.  I saw a suggestion for functionality to
> implement the Red Hat style individual user groups, but that isn't really
> what I'm trying to accomplish.
>
> Anyone ever done this, or have any idea how to accomplish something like
> this?
> I asked ChatGPT, and got suggested some parameters for the config file
> that I think it just made up haha
> Allen B.
>
> --
> Allen Beddingfield
> Systems Engineer
> Office of Information Technology
> The University of Alabama
> Office 205-348-2251
> allen at ua.edu


-- 
Terror PUP a.k.a
Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twitter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

openSUSE Community Member since 2008.