BLU Discuss list archive

Linux, Windows AD domain, and IDs

On Fri, Dec 3, 2010 at 8:22 PM, Dan Ritter <dsr-mzpnVDyJpH4k7aNtvndDlA at> wrote:
> On Fri, Dec 03, 2010 at 06:23:46PM -0500, Scott Ehrlich wrote:
>> You have a CentOS (for example) workstation that is a member of a
>> Windows AD domain courtesy of modified smb.conf and krb5.conf files.
>> There are, thus, no local user accounts on the linux workstation.
>> There is a network application that benefits most (maybe even
>> requires) the user's employee ID as their linux workstation uid.
>> Thus, if I log in, my domain username might be scott12. My employee
>> ID might be se123456. If I log into the linux workstation, I'm
>> going to log in as scott12 along with providing my password. I type
>> id at the shell, and am given something like 100001 (scott12) for the
>> user. How can I manage to make the id [also] equal to se123456 for
>> user scott12 without breaking anything?
>> Or, if not possible, is there any other option other than to create a
>> local account as se123456 and likely migrate the user's world to that
>> new local account? I'd rather not.
>> Thanks for any leads.
> I don't think I understand your problem entirely, but does it
> help if I mention that your username is not your userid, and you
> can have multiple accounts with the same numeric userid (and
> thus the same permissions) but with different usernames?
> i.e.:
> username:x:1024:65534:useless name:/home/username:/bin/sh
> otherguy:x:1024:65534:other guy:/home/username:/bin/sh
> are the same userid, and have precisely the same permissions.

The above is correct.   Now, in my case, /etc/passwd does NOT have the
above entries.   /etc/passwd ONLY has the default entries given by the
OS.   The user logs in with credentials that are strictly in active
directory.   IF the account was local, I could easily change
username's ID from 1024 to actually the numeric portion of the
employee id (123456 from se123456).

But, with NO local account in /etc/passwd, how can I do this?



> -dsr-
> --
> is hereby incorporated by reference.
> You can't defend freedom by getting rid of it.
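
The UID sharing described in the quoted reply, as an added example that is not part of the original thread: a check over passwd(5)-format text (such as `getent passwd` output) that reports numeric UIDs claimed by more than one username, and which name a uid-to-name lookup would show for them. Apart from the two quoted 1024 lines, the sample data is constructed, and the function names are hypothetical.

```python
# Constructed sample in passwd(5) format. The two uid-1024 entries are the
# lines quoted in the thread; everything else is made up for this example.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
# comment line
username:x:1024:65534:useless name:/home/username:/bin/sh
otherguy:x:1024:65534:other guy:/home/username:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
broken-line-without-enough-fields
+::::::
"""


def parse_passwd(text):
    """Yield (name, uid) per valid entry; skip comments, NIS compat and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        yield fields[0], int(fields[2])


def names_by_uid(text):
    """Map each numeric UID to its usernames, in file order."""
    table = {}
    for name, uid in parse_passwd(text):
        table.setdefault(uid, []).append(name)
    return table


def shared_uids(text):
    """Return only the UIDs that more than one username maps to."""
    return {uid: names for uid, names in names_by_uid(text).items() if len(names) > 1}


def reverse_lookup(text, uid):
    """Name reported for a uid: the first matching entry, as a flat passwd file resolves it."""
    names = names_by_uid(text).get(uid)
    return names[0] if names else None


if __name__ == "__main__":
    for uid, names in shared_uids(SAMPLE_PASSWD).items():
        print(f"uid {uid} shared by {names}; shown as {reverse_lookup(SAMPLE_PASSWD, uid)}")
```

Because ownership and permission checks use only the number, files created by either name are attributed to whichever entry resolves first, which matters when reading `ls -l` output or audit records on such a host.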

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
