IPA: How to access AD users' POSIX UID and GID set in AD via an IPA-AD trust?

Solution Verified

Environment

  • Red Hat Enterprise Linux 7.1
  • IPA 4.1

Issue

  • IPA: How to access AD users' POSIX UID and GID set in AD via an IPA-AD trust?

Resolution

1. Remove the existing IPA-AD trust, if there is one.

# ipa trust-del <trust name>

Example:

# ipa trust-del adtrust.com

2. Check whether an ID range created for the earlier trust still exists.

# ipa idrange-find

Example:

Range name: ADTRUST.COM_id_range
First Posix ID of the range: 1102600000
Number of IDs in the range: 200000
First RID of the corresponding RID range: 0
Domain SID of the trusted domain: S-1-5-21-215172948-1740282438-2351240408
Range type: Active Directory domain range  

3. If the ID range exists, delete it.

# ipa idrange-del <NAME>

Example:

# ipa idrange-del ADTRUST.COM_id_range

4. Create a new trust with AD using the range type ipa-ad-trust-posix.

# ipa trust-add --type=ad <AD domainname> --admin Administrator --password --range-type=ipa-ad-trust-posix

Example:

# ipa trust-add --type=ad adtrust.com --admin Administrator --password --range-type=ipa-ad-trust-posix

--range-type=ipa-ad-trust-posix : use the POSIX UID and GID set in AD

5. Restart the SSSD service and clear its cache.

# service sssd stop; rm -f /var/lib/sss/db/* ; service sssd start

6. Check that the AD user's UID and GID information is reported correctly.

# id <AD User>

Example:

# id aduser@adtrust.com
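
A check for step 6, added here as an example (not part of the original solution or Red Hat tooling): it tests whether a UID still falls inside a range of type "Active Directory domain range", the SID-based range shown in step 2, which would mean the UID was computed from the SID rather than read from AD. The function name sid_mapped_range is hypothetical, and the sample data is constructed from the step 2 output.

```sh
#!/bin/sh
# Added example: detect a UID that was derived from the SID (algorithmic
# range, "Active Directory domain range") instead of being read from AD.

# Constructed sample: the `ipa idrange-find` output shown in step 2.
sample_ranges() {
cat <<'EOF'
Range name: ADTRUST.COM_id_range
First Posix ID of the range: 1102600000
Number of IDs in the range: 200000
First RID of the corresponding RID range: 0
Domain SID of the trusted domain: S-1-5-21-215172948-1740282438-2351240408
Range type: Active Directory domain range
EOF
}

# Reads `ipa idrange-find` output on stdin. Prints the name of each SID-based
# AD range that contains UID $1 and returns 0; returns 1 if no such range.
# Assumes "Range type" is the last field of each range, as in step 2.
sid_mapped_range() {
    awk -v uid="$1" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim indentation
        /^Range name:/                  { name = $NF }
        /^First Posix ID of the range:/ { base = $NF + 0 }
        /^Number of IDs in the range:/  { size = $NF + 0 }
        /^Range type:/ {
            type = $0
            sub(/^Range type:[ \t]*/, "", type)
            if (type == "Active Directory domain range" &&
                uid + 0 >= base && uid + 0 < base + size) {
                print name
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# On a live IPA server (commands from steps 2 and 6):
#   ipa idrange-find | sid_mapped_range "$(id -u aduser@adtrust.com)"
```

A match after step 5 means the old range or stale cache data is still in effect; no match means the UID did not come from a SID-based range.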

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
