Linux, Windows AD domain, and IDs
Scott Ehrlich
srehrlich-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Dec 3 21:58:33 EST 2010
On Fri, Dec 3, 2010 at 8:22 PM, Dan Ritter <dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org> wrote:
> On Fri, Dec 03, 2010 at 06:23:46PM -0500, Scott Ehrlich wrote:
>> You have a CentOS (for example) workstation that is a member of a
>> Windows AD domain courtesy of modified smb.conf and krb5.conf files.
>> There are, thus, no local user accounts on the Linux workstation.
>>
>> There is a network application that benefits most (maybe even
>> requires) the user's employee ID as their Linux workstation uid.
>>
>> Thus, if I log in, my domain username might be scott12. My employee
>> ID might be se123456. If I log into the Linux workstation, I'm
>> going to log in as scott12 along with providing my password. I type
>> id at the shell, and am given something like 100001 (scott12) for the
>> user. How can I manage to make the id [also] equal to se123456 for
>> user scott12 without breaking anything?
>>
>> Or, if not possible, is there any other option other than to create a
>> local account as se123456 and likely migrate the user's world to that
>> new local account? I'd rather not.
>>
>> Thanks for any leads.
>
> I don't think I understand your problem entirely, but does it
> help if I mention that your username is not your userid, and you
> can have multiple accounts with the same numeric userid (and
> thus the same permissions) but with different usernames?
>
> i.e.:
>
> username:x:1024:65534:useless name:/home/username:/bin/sh
> otherguy:x:1024:65534:other guy:/home/username:/bin/sh
>
> are the same userid, and have precisely the same permissions.
>
The above is correct. Now, in my case, /etc/passwd does NOT have the
above entries. /etc/passwd ONLY has the default entries given by the
OS. The user logs in with credentials that are strictly in Active
Directory. IF the account was local, I could easily change
username's ID from 1024 to actually the numeric portion of the
employee ID (123456 from se123456).
But, with NO local account in /etc/passwd, how can I do this?
Thanks.
Scott
>
> -dsr-
>
>
>
> --
> http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
> You can't defend freedom by getting rid of it.
>