RHEL 7.6 add domain users to local group and UID mapping

I configured AD domain logon on a RHEL 7.6 server with realmd and have two questions:

First, when a domain user logs on for the first time (allowed from the 'example@domain' group), how do I automatically add that domain user to the 'test' local group?

Second question: we plan to migrate ca. 1000 local users from one server (old Debian) to RHEL 7.6 'domain users'. Our policy was that local users have the same login as the domain user (except the @domain part). I can get the list of user names and UIDs for each user, and I can transfer home directories from the old /home/user to the new /home/user@domain. But how do I give the new domain users automatic access to their new /home/user@domain directory before they log in to the new server for the first time?

Hello Maciej,

I'm not entirely sure if I understand your question, but I'll try to give an answer anyway.

You have to make sure that the uid/gid of the domain users have access to the corresponding directories. For example, you could gather the uid from the old server and set it as uidNumber for the corresponding domain user in Active Directory. Of course this won't work if you use automatic ID mapping. For the latter you could use a table matching old and new uid with the username and set the new uid on the new home directory.

Do you get the idea?

Best regards,

Thanks, that was the fastest answer I ever got! You mean this:

RedHat windows integration guide

I will have to try it. But where do I check the UID for a domain user on the Red Hat server (after the first login, of course)?

The UID for a domain user on the RHEL server you will find after you have logged in for the first time, or by running the id command for the username in question. IMHO using automatic ID mapping is difficult in this case. It would be easier if you use the UIDs/GIDs from your old server and set them as POSIX attributes in Active Directory.
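A worked example of the mapping-table approach described in the two answers above (old uid, new uid from `id -u user@domain`, then re-own the migrated home directory). This is an added example, not code from either poster; the realm name, the /home layout and the sample table are assumptions.

```shell
#!/bin/sh
# Assumed realm and home layout (not from the thread); edit for your host.
REALM="example.com"
HOME_ROOT="/home"

# Return 0 if $1 is an unsigned integer (a valid uid), 1 otherwise.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# Emit the command that re-owns one migrated home instead of running it,
# so the whole plan can be reviewed before it is executed as root.
# Only files still owned by the old uid are touched; anything already owned
# by the new uid or by root is left alone, and symlinks are not followed.
plan_user() {
    user=$1; old_uid=$2; new_uid=$3
    newhome="$HOME_ROOT/$user@$REALM"
    printf 'find %s -xdev -uid %s -exec chown -h %s {} +\n' \
        "$newhome" "$old_uid" "$new_uid"
}

# Read a table of "user:old_uid:new_uid" lines on stdin, skip comments and
# blank lines, reject malformed uids, and print one find/chown line per user.
plan_from_table() {
    while IFS=: read -r user old_uid new_uid; do
        case "$user" in ''|'#'*) continue ;; esac
        if ! is_uint "$old_uid" || ! is_uint "$new_uid"; then
            echo "skip: bad uid for '$user'" >&2
            continue
        fi
        plan_user "$user" "$old_uid" "$new_uid"
    done
}

# Constructed sample table; the new uids imitate the large values that
# automatic ID mapping assigns, which is why a lookup table is needed.
SAMPLE_TABLE='# user:old_uid:new_uid
alice:1001:1593401105
bob:1002:1593401106
broken:abc:12'

# Usage: review the plan, then pipe it to `sh` as root once it looks right.
printf '%s\n' "$SAMPLE_TABLE" | plan_from_table
```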

Thank you. Is there any way I can add an Active Directory group to a local group? Or automatically add an AD user to a local group after the first logon? What is the best option?

I cannot give you some good advice on this one because I've never done it that way.

I took the GID from a local group and set it as gidNumber in Active Directory for the user(s).