[ale] Any AD + SSSD expertise?
Justin W Elam
justin.w.elam at gmail.com
Thu Aug 31 14:13:09 EDT 2023
Allen
I think when there is a will there is a way around something.
Since you are running SUSE.
Likely the best option would be to use a different product to merge the 389
with Active Directory using a product like
https://www.manageengine.com/products/self-service-password/
ADSelfServicePlus.
That allows AD to manage the password change and then sync to 389 and other
projects and products:
Google, MS365, Apple Mac, HPC, and others.
AD => ADSelfService => 389, MS365, Zoho, VOIP, Google, etc.
According to their website, one of their customers is Kubota.
Cheers from Justin.
--
-------------------------------------
Justin W Elam
On Thu, 31 Aug 2023, 12:59 Allen Beddingfield via Ale, <ale at ale.org> wrote:
> So, we currently have our Linux systems using an old 389 Directory for
> authentication, and have to switch to AD authentication to retire that
> system. I don't have any say in that matter, so authenticating to AD is
> the mandated solution that I have to get working. Most of these systems
> are SUSE Linux Enterprise 15, with a few 12.x systems.
> I got the old sssd.conf and nsswitch.conf working for LDAP 10+ years ago,
> and really just haven't looked at it since, as it has worked without any
> issue. I'm not wanting to go through the process of adding everything to
> AD, doing Kerberos, etc., so this will be SSSD using AD as an LDAP
> source for authentication. I've got that part working well. However, I've
> got one annoyance. With the LDAP setup, the users would just kind of look
> like local users, in that their primary group would be the local "users"
> group. (This is SUSE, so all users get the same primary group of "users",
> instead of an individual group that corresponds to their username).
> However, when configured against AD, the users' primary group is "Domain
> Users". I'm trying to find some way to either duplicate the old behavior,
> or at least have "Domain Users" be something like "adusers" without the
> capital letters and space. I saw a suggestion for functionality to
> implement the Red Hat style individual user groups, but that isn't really
> what I'm trying to accomplish.
>
> Anyone ever done this, or have any idea how to accomplish something like
> this?
> I asked ChatGPT, and got suggested some parameters for the config file
> that I think it just made up haha
> Allen B.
>
> --
> Allen Beddingfield
> Systems Engineer
> Office of Information Technology
> The University of Alabama
> Office 205-348-2251
> allen at ua.edu