With a trust between IPA and Active Directory, only AD users with UNIX attributes have uid numbers in RHEL.
Issue
- The documentation doesn't seem to outline the process for how UIDs for AD users are handled in a trust configuration. I was expecting SIDs to be converted to UIDs but I don't see this in the documentation.
- After I created the external group for AD users and added that group to a POSIX group, the client systems still cannot see some of the users. I am following the steps outlined in the Windows Integration Guide. The client systems can only see users with UNIX attributes. Is there a way I can disable this?
- I want all users to have IDs generated off SIDs by IPA but there are other platforms that leverage UNIX attributes in AD so I can't remove this on the AD side. Is there a way to configure IPA to generate UIDs based on SID for all accounts regardless? Like some type of manual overwrite?
Environment
- Red Hat Enterprise Linux 7
- Windows Active Directory