<div dir="ltr">One initial question that might determine if it's going to be extremely difficult is whether or not that old config was using the dynamic UID/GID mapping based on the SID or whether you had added those to the user/group DNs. We're in the process of moving systems as we rebuild the environment to use SSSD and we're using AD but we're planning to have a subdomain for the Linux systems to keep them separate from the Windows systems. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 31, 2023 at 1:59 PM Allen Beddingfield via Ale <<a href="mailto:ale@ale.org">ale@ale.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">So, we currently have our Linux systems using an old 389 Directory for authentication, and have to switch to AD authentication to retire that system.  I don't have any say in that matter, so authenticating to AD is the mandated solution that I have to get working.  Most of these systems are SUSE Linux Enterprise 15, with a few 12.x systems.<br>
I got the old sssd.conf and nsswitch.conf working for LDAP 10+ years ago, and really just haven't looked at it since, as it has worked without any issue.  I'm not wanting to go through the process of adding everything to AD, doing kerberos, etc....  so this will be SSSD using AD as an LDAP source for authentication.  I've got that part working well.  However, I've got one annoyance.  With the LDAP setup, the users would just kind of look like local users, in that their primary group would be the local "users" group.  (This is SUSE, so all users get the same primary group of "users", instead of an individual group that corresponds to their username).  <br>
However, when configured against AD, the users' primary group is "Domain Users".  I'm trying to find some way to either duplicate the old behavior, or at least have "Domain Users" be something like "adusers" without the capital letters and space.  I saw a suggestion for functionality to implement the Red Hat style individual user groups, but that isn't really what I'm trying to accomplish.<br>
<br>
Anyone ever done this, or have any idea how to accomplish something like this?<br>
I asked ChatGPT, and got suggested some parameters for the config file that I think it just made up haha<br>
Allen B.<br>
<br>
--<br>
Allen Beddingfield<br>
Systems Engineer<br>
Office of Information Technology<br>
The University of Alabama<br>
Office 205-348-2251<br>
<a href="mailto:allen@ua.edu" target="_blank">allen@ua.edu</a><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Jeremy T. Bouse</span></p><p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Sr. DevOps Engineer</span></p><p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">321.525.3280</span></p><p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><a href="https://undergrid.net/" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">UnderGrid.net</span></a></p><p style="color:rgb(34,34,34);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://www.credly.com/badges/69208741-17c8-4876-a5c0-bcaa9078ba29" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:96px;height:96px"><img src="https://lh4.googleusercontent.com/HhH_XCkiHPpWFqwrCu1usqJKf42Pdk32atiscm1XYHxDDkEzjAIDbQL4i6rLRjjPrOGN3ZTEiOM12wqxuMnp4Xm-LD5peX9NauDbsxFCg9KEaLKBtGFthEWDZ0mfC_IWR31eSNTc3z46vF8t0g" width="96" height="96" style="margin-left: 0px; margin-top: 0px;"></span></span></a><a href="https://www.credly.com/badges/8613a442-3830-42c9-a629-8e1576dfec5e" style="text-decoration:none" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:96px;height:96px"><img src="https://lh6.googleusercontent.com/Hz_F-y2yqOdU_eEbifE_KdEz0rZ6sOstQpY7Leqjf1d3_sHs0iaYOugAacgr0N-akqIIBk5RLsJZYJ_Rs_hhY1kC1QMsF3XgeWk3rOSfdyNbKkS4MReHKp5A2uQEZORiimoG7BQPfbchgXhsHg" width="96" height="96" style="margin-left: 0px; margin-top: 0px;"></span></span></a></p></div></div></div>