[OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)
James Relph
james at themacplace.co.uk
Tue Aug 7 13:25:31 UTC 2012
> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both allowing AD users to log in (netatalk 3 via PAM). One thing that's a bit puzzling is that the afpd process correctly gets the correct username mapping (and shows up as being owned by the correct user with a ps listing), but whatever the user writes is only written as UID 60001 (i.e. nobody).
Update time; after a further dig I assume that the reason the UID isn't being written to the filesystem is due to this (from the idmap man page):
"To prevent aliasing problems, all file systems, archive and backup formats, and protocols must store SIDs or map all UIDs and GIDs in the 2^31 to 2^32 - 2 range to the nobody user and group."
So, the question becomes, is it possible to get OpenIndiana to store the SIDs for users, and if not, why will it store the GID as correctly mapped, but the UID is translated to 60001? I can get around this with static maps, but obviously that's not ideal based on duplicating the AD user listing (can be scripted at least).
What's even weirder is that the CIFS server happily stores the UID in the filesystem even if the ephemerally mapped UID is in the 2^31 to 2^32 range.
Very, very odd.
Any insight gratefully appreciated!
James.
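
An added example, not part of the original post: a small ownership audit for the symptom described above. It lists entries whose stored owner is nobody (60001) or falls in the 2^31 to 2^32 - 2 range quoted from the idmap man page, grouped by GID. The function names and the sample records are hypothetical.

```python
import os
import sys
from collections import Counter

NOBODY_UID = 60001                    # "nobody" as reported in the post
EPHEMERAL = range(2**31, 2**32 - 1)   # 2^31 .. 2^32 - 2 inclusive (man page quote)

def classify(xid):
    """Label a UID or GID as 'nobody', 'ephemeral' or 'other'."""
    if xid == NOBODY_UID:
        return "nobody"
    if xid in EPHEMERAL:
        return "ephemeral"
    return "other"

def walk_owners(root):
    """Yield (path, uid, gid) for each entry under root, not following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # entry vanished or is unreadable
            yield path, st.st_uid, st.st_gid

def audit(records):
    """Return (findings, per_gid) for entries owned by nobody or an ephemeral UID."""
    findings, per_gid = [], Counter()
    for path, uid, gid in records:
        kind = classify(uid)
        if kind != "other":
            findings.append((path, kind, uid, gid, classify(gid)))
            per_gid[gid] += 1         # the GID still hints at who wrote the file
    return findings, per_gid

# Constructed sample records (path, uid, gid); not data from the thread.
SAMPLE = [
    ("/tank/share/afp/report.doc", 60001, 2147483650),        # owner lost, GID kept
    ("/tank/share/cifs/budget.xls", 2147483649, 2147483650),  # ephemeral UID stored
    ("/tank/share/local/notes.txt", 101, 10),                 # ordinary local account
]

if __name__ == "__main__":
    source = walk_owners(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    findings, per_gid = audit(source)
    for row in findings:
        print(*row, sep="\t")
    for gid, count in per_gid.most_common():
        print(f"gid {gid}: {count} affected entries")
```

Run with a directory argument to scan a real tree; with no argument it reports on the constructed sample.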