My CentOS 7 machine has successfully joined a domain FOOBAR (as verified by realm list) and here's the information about a user coming from the AD (non-local):
[root@centos7 ~]# id jdoe@FOOBAR.GLOBAL
uid=5631533(jdoe@FOOBAR.GLOBAL) gid=5600513(domain users@FOOBAR.GLOBAL)
groups=5600513(domain users@FOOBAR.GLOBAL),5631532(othergroup@FOOBAR.GLOBAL)
How are UID and GID assigned? Is it possible to somehow map them to some desired value?
Best Answer
AD mapping in SSSD is determined using an algorithm (probably a hash function) in the daemon itself: because it's built-in, if you keep the defaults the same, every computer using SSSD should map the IDs to the same value regardless of the computer being used. Here's Red Hat's explanation for the AD mapping:
You can set the ID minimums and maximums using min_id and max_id in the [domain/name] section of sssd.conf. Look under "Domain Sections" for the description; "Examples" has an example of its use:
If you override these values, make sure to set the same mappings on any other system using that domain in SSSD if you want to maintain consistent mappings!
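
The following is an added example, not part of the question or the answer above. It decomposes the IDs from the question into a slice number and an AD RID, and shows how a host with a different range maps the same account. It assumes the ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size defaults documented in sssd-ldap(5), that each ID sits in the domain's primary slice, and that both hosts land on the same slice number; the two sssd.conf fragments are constructed.

```python
import configparser

# Defaults documented in sssd-ldap(5) for algorithmic ID mapping.
DEFAULTS = {"ldap_idmap_range_min": 200000,
            "ldap_idmap_range_max": 2000200000,
            "ldap_idmap_range_size": 200000}

def idmap_settings(conf_text, domain):
    """Read the ID-mapping range for [domain/<domain>], falling back to defaults."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = f"domain/{domain}"
    if not cp.has_section(section):
        raise KeyError(section)
    return {k: cp.getint(section, k, fallback=v) for k, v in DEFAULTS.items()}

def split_id(unix_id, s=DEFAULTS):
    """Return (slice number, RID) for an ID in a domain's primary slice."""
    lo, hi, size = (s[k] for k in DEFAULTS)
    if not lo <= unix_id < hi:
        raise ValueError(f"{unix_id} is outside the ID-mapping range")
    return divmod(unix_id - lo, size)

def map_rid(slice_no, rid, s=DEFAULTS):
    """Inverse of split_id: the UID/GID a host with settings s assigns."""
    lo, hi, size = (s[k] for k in DEFAULTS)
    if not 0 <= rid < size or not 0 <= slice_no < (hi - lo) // size:
        raise ValueError("slice or RID out of range")
    return lo + slice_no * size + rid

# Constructed sssd.conf fragments for two hosts joined to the same domain.
HOST_A = "[domain/FOOBAR.GLOBAL]\nid_provider = ad\n"
HOST_B = ("[domain/FOOBAR.GLOBAL]\nid_provider = ad\n"
          "ldap_idmap_range_min = 100000\n")

if __name__ == "__main__":
    a = idmap_settings(HOST_A, "FOOBAR.GLOBAL")
    b = idmap_settings(HOST_B, "FOOBAR.GLOBAL")
    # IDs taken from the `id jdoe@FOOBAR.GLOBAL` output in the question.
    for name, unix_id in [("jdoe", 5631533), ("domain users", 5600513),
                          ("othergroup", 5631532)]:
        slice_no, rid = split_id(unix_id, a)
        print(f"{name}: slice {slice_no}, RID {rid}, "
              f"host B would assign {map_rid(slice_no, rid, b)}")
```

All three IDs fall in the same slice, and the group ID resolves to RID 513, the well-known RID of Domain Users. File ownership on shared storage or restored backups follows the numeric ID, so a host with a different range attributes the same files to a different number.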