On Tue, Aug 7, 2012 at 9:25 AM, James Relph <[email protected]> wrote:
>> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both
>> allowing AD users to log in (netatalk 3 via PAM). One thing that's a bit
>> puzzling is that the afpd process correctly gets the correct username
>> mapping (and shows up as being owned by the correct user with a ps listing),
>> but whatever the user writes is only written as UID 60001 (i.e. nobody).
>
> Update time; after a further dig I assume that the reason the UID isn't being
> written to the filesystem is due to this (from the idmap man page):
>
> "To prevent aliasing problems, all file systems, archive and backup formats,
> and protocols must store SIDs or map all UIDs and GIDs in the
> 2^31 to 2^32 - 2 range to the nobody user and group."
>
> So, the question becomes, is it possible to get OpenIndiana to store the SIDs
> for users, and if not, why will it store the GID as correctly mapped, but the
> UID is translated to 60001? I can get around this with static maps, but
> obviously that's not ideal based on duplicating the AD user listing (can be
> scripted at least).
>
> What's even weirder is that the CIFS server happily stores the UID in the
> filesystem even if the ephemerally mapped UID is in the 2^31 to 2^32 range.
>
> Very, very odd.
>
> Any insight gratefully appreciated!
>
> James.

If you set up idmap to use IDMU, then you'll get the UID/GID values provided
by AD, which are presumably the same values your other LDAP clients will get
from AD. :)

--
Gordon Ross <[email protected]>
Nexenta Systems, Inc. www.nexenta.com
Enterprise class storage for everyone

_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
