[Cialug] smb & AD authentication for CentOS during domain functional level raise
mike at visionary.com
Thu Feb 28 14:32:54 UTC 2019
Hi Linux users,
Our AD domain is currently hosted by a couple '08SP2 (not R2) and 12R2 domain controllers running at domain functional level '03 and it's about time we upgrade. We have a little over twenty CentOS (vers. 5, 6 & 7) development servers which use AD authentication and share samba mounts.
The best info I found regarding this upgrade's impact on Linux shares & authentication is this article from Centrify, which mentions that the smb service might have to be restarted.
I also have not found a working reliable source for the best method to join additional CentOS servers to the domain. Right now we're using a mix of samba and winbind for CentOS 5/6 and sssd for CentOS 7. My ignorance around Kerberos is vast and I wonder if/how that might play a role in this.
We did notice that with the standard sssd setup, our UID and GIDs were different so we set:
and then set the values for each user object manually within ADUC --> Attribute Editor --> gidNumber and uidNumber to match what they reported from a CentOS 6 machine's "id user" command.
I'm increasingly anxious about raising the functional level since it is a one-way process with no rollback option. Does anyone have more definitive sources of information for the best way to manage this, or know a local vendor who is well-versed in AD integration?
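An added example, not part of the original message: one way to check that the uidNumber and gidNumber values entered in AD match what a reference host reports from `id user`, so that file ownership on the shared mounts stays consistent across hosts. The sample `id` lines, the `EXAMPLE` domain prefix, the account names and the AD attribute dictionary are all constructed for illustration.

```python
import re

# Matches the leading "uid=N(name) gid=N(group)" part of `id <user>` output.
ID_RE = re.compile(r"uid=(\d+)\(([^)]*)\)\s+gid=(\d+)\(([^)]*)\)")

def parse_id_output(line):
    """Return (username, uid, gid) parsed from one line of `id <user>` output."""
    m = ID_RE.search(line)
    if m is None:
        raise ValueError("not id output: %r" % line)
    # Assumption: the host may report DOMAIN\user; keep only the account name.
    user = m.group(2).split("\\")[-1].lower()
    return user, int(m.group(1)), int(m.group(3))

def find_mismatches(id_lines, ad_attrs):
    """Compare reference-host IDs with AD uidNumber/gidNumber values.

    ad_attrs maps account name -> {"uidNumber": int|None, "gidNumber": int|None}.
    Returns a list of (user, attribute, expected, actual) tuples.
    """
    problems = []
    for line in id_lines:
        user, uid, gid = parse_id_output(line)
        entry = ad_attrs.get(user)
        if entry is None:
            # No AD record was supplied for an account the host knows about.
            problems.append((user, "entry", "present", None))
            continue
        for attr, expected in (("uidNumber", uid), ("gidNumber", gid)):
            actual = entry.get(attr)
            if actual != expected:
                problems.append((user, attr, expected, actual))
    return problems

# Constructed sample data: `id` output collected on the reference host.
SAMPLE_ID_LINES = [
    "uid=10001(EXAMPLE\\alice) gid=10000(EXAMPLE\\domain users) groups=10000(EXAMPLE\\domain users)",
    "uid=10002(bob) gid=10000(domain users) groups=10000(domain users),10005(devs)",
    "uid=10003(carol) gid=10000(domain users) groups=10000(domain users)",
]
# Constructed sample data: attribute values as exported from AD.
SAMPLE_AD = {
    "alice": {"uidNumber": 10001, "gidNumber": 10000},
    "bob": {"uidNumber": 10002, "gidNumber": None},  # gidNumber never set
}

if __name__ == "__main__":
    for user, attr, expected, actual in find_mismatches(SAMPLE_ID_LINES, SAMPLE_AD):
        print("%s: %s expected %s, found %s" % (user, attr, expected, actual))
```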