
problem with NIS and AD user attributes

Author
18 Mar 2009 10:21 PM
seth
I still have an issue with my NIS management console and have had no success
in trying to resolve that.  However, there is a separate issue that I need
help with.

It seems that on my Linux boxes when it tries to get user info from NIS it
is receiving information in different attributes for that user.

For example, I had one user where I needed to change their home directory.
However, every Linux login had the old home directory.  After going into
adsiedit and looking at the unixHomeDirectory attribute, it had the old
folder.  I changed that value manually and immediately was using the new
home directory.  In addition, I just enabled a new user and configured the
uid, home directory, etc. and on every domain controller it shows the correct
information.  However, from Linux when I do 'id newuser' it returns 'no such
user'.

I then discovered that the unixHomeDirectory attributes are null.  I
couldn't make sense as to why ADUC was showing settings for unix attributes
when Linux can't see them (as if there is no NIS user).  I think I figured
out why.  When I look at the user properties, I found a number of attributes
starting with msSFU30 with endings of homedirectory, login shell, nisdomain,
etc. which have the values shown in ADUC.

I guess the question is, why is NIS looking at one set of attributes and
returning that to Linux while ADUC is using different attributes?  I'm not
sure exactly when this started happening, but I did recently extend the
schema to include a 2008 domain controller - but not sure as to whether this
was an issue before the schema upgrade.  Been looking around for a while and
haven't found anything useful so far.

Author
18 Mar 2009 10:31 PM
seth
Just an update...
On my 2003 servers, the settings I put for that user are correct.
However, when I go to unix attributes on my 2008 server, it says 'no primary
group'.
Also, the home directory and login shell are not what I put earlier - it
used defaults.
As soon as I changed those to what I had on the 2003 server, now the Linux
box shows the info for the user.
Also, I looked at the attributes and found that the settings starting with
msSFU30 (msSFU30UidNumber, msSFU30LoginShell, etc) are now the same as the
others (uidNumber, unixHomeDirectory, loginShell)

Can someone confirm this happened with the 2008 schema extension or at least
explain the reason for this?


"seth" <m*@myhome.net> wrote in message
news:eNa$ifBqJHA.1172@TK2MSFTNGP05.phx.gbl...
> I still have an issue with my NIS management console and have had no success
> in trying to resolve that.  However, there is a separate issue that I need
> help with.
>
> It seems that on my Linux boxes when it tries to get user info from NIS it
> is receiving information in different attributes for that user.
>
> For example, I had one user where I needed to change their home directory.
> However, every Linux login had the old home directory.  After going into
> adsiedit and looking at the unixHomeDirectory attribute, it had the old
> folder.  I changed that value manually and immediately was using the new
> home directory.  In addition, I just enabled a new user and configured the
> uid, home directory, etc. and on every domain controller it shows the correct
> information.  However, from Linux when I do 'id newuser' it returns 'no such
> user'.
>
> I then discovered that the unixHomeDirectory attributes are null.  I
> couldn't make sense as to why ADUC was showing settings for unix attributes
> when Linux can't see them (as if there is no NIS user).  I think I figured
> out why.  When I look at the user properties, I found a number of attributes
> starting with msSFU30 with endings of homedirectory, login shell, nisdomain,
> etc. which have the values shown in ADUC.
>
> I guess the question is, why is NIS looking at one set of attributes and
> returning that to Linux while ADUC is using different attributes?  I'm not
> sure exactly when this started happening, but I did recently extend the
> schema to include a 2008 domain controller - but not sure as to whether this
> was an issue before the schema upgrade.  Been looking around for a while and
> haven't found anything useful so far.

Author
19 Mar 2009 9:59 PM
Ashish
Earlier versions of SNIS used the attributes starting with msSFU30Name
and when a 2008 or 2003 R2 DC is introduced and the corresponding IdMU
components are installed, they use the RFC2307 compliant attributes.
It seems in your case the clients were binding to the newer NIS server
which was looking for the RFC2307 attributes to look for the
information while the information was actually stored in the older
attributes.
As soon as you used the W2K8 tools to populate this information, the
SNIS can locate it and send it to the client.

This procedure needs to be done for all the users and you also need to
update the older SNIS drivers to now look at the RFC2307 attributes so
all your DCs running NIS drivers agree on the schema being used. This
will allow you to manage the users from any of the DC and still not
run in to the confusion like this.

A support case will be best to have someone working with you and get
this done quickly.

- Ashish
Author
21 Mar 2009 8:54 AM
Martin_v._Löwis
> i guess the question is, why is nis looking at one set of attributes and
> returning that to linux while aduc is using different attributes?

To rephrase Ashish's answer: you shouldn't run SFU 3.5 NIS in a domain
that has also W2k8 domain controllers. They are incompatible.

Regards,
Martin
Author
22 Mar 2009 8:08 AM
Ashish
Yes, they use different schema but there's a hot fix for SFU 3.5 that
makes it compatible with the RFC2307 schema - I don't recall the KB
number but I'll find out. You need to install that on all DCs that are
not W2K3 R2 or W2K8.

Unfortunately, installing that hot fix doesn't move the information
from the older attributes to the newer attribute so there is some work
that needs to be scriptized.

- Ashish
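
The migration step described above, as an added example that is not code from the thread or from Microsoft: it reads an LDIF export of user objects and produces an LDIF change file that copies each legacy msSFU30 value into its RFC2307 attribute only where the RFC2307 attribute is empty, and reports mismatches for manual review instead of overwriting. The msSFU30GidNumber/gidNumber pair is not named in the thread and is included on the assumption that group IDs need the same treatment; the sample export, DNs and function names are constructed for illustration.

```python
import base64
import re

# Legacy SFU 3.5 attribute -> RFC2307 attribute (the gid pair is an assumption).
LEGACY_TO_RFC2307 = {
    "msSFU30UidNumber": "uidNumber", "msSFU30GidNumber": "gidNumber",
    "msSFU30HomeDirectory": "unixHomeDirectory", "msSFU30LoginShell": "loginShell",
}
# Constructed sample export (not from the thread): one missing value, one mismatch.
SAMPLE_EXPORT = """\
dn: CN=newuser,OU=Staff,DC=example,DC=test
msSFU30UidNumber: 10021
msSFU30HomeDirectory: /export/home/newuser
unixHomeDirectory: /home/newuser-old
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: value} dict per entry of an LDIF export."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):  # "attr:: <base64>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                entry[name.strip().lower()] = value.strip()
        if "dn" in entry:
            yield entry

def ldif_line(attr, value):  # base64-encode anything that is not plain ASCII
    if value.isascii() and value[:1] not in (" ", ":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def plan_migration(entries):
    """Return (ldif_changes, conflicts); existing RFC2307 values are never overwritten."""
    changes, conflicts = [], []
    for e in entries:
        mods = []
        for legacy, new in LEGACY_TO_RFC2307.items():
            old_val, new_val = e.get(legacy.lower()), e.get(new.lower())
            if old_val and not new_val:
                mods += [f"add: {new}", ldif_line(new, old_val), "-"]
            elif old_val and new_val and old_val != new_val:
                conflicts.append((e["dn"], new, old_val, new_val))
        if mods:
            changes.append("\n".join([ldif_line("dn", e["dn"]), "changetype: modify"] + mods))
    return "\n\n".join(changes) + ("\n" if changes else ""), conflicts
```

Review the conflict list before importing the change file: a mismatch such as the stale home directory in the first post needs a decision about which value is authoritative.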
Author
23 Mar 2009 4:22 PM
seth
OK so my assumptions are correct....this somewhat broke after updating the
schema prior to installing 2008 domain controller.   Since the NIS console
is broke since before the schema update (servers say it can't read
information from AD) none of my Linux boxes are using the 2003 servers (none
are R2) so that would explain it.  I'll look around also to find that
hotfix.


"Ashish" <ashy***@gmail.com> wrote in message
news:f1471427-39d1-4490-a003-6d2706370905@d2g2000pra.googlegroups.com...
> Yes, they use different schema but there's a hot fix for SFU 3.5 that
> makes it compatible with the RFC2307 schema - I don't recall the KB
> number but I'll find out. You need to install that on all DCs that are
> not W2K3 R2 or W2K8.
>
> Unfortunately, installing that hot fix doesn't move the information
> from the older attributes to the newer attribute so there is some work
> that needs to be scriptized.
>
> - Ashish
Author
26 Mar 2009 10:31 PM
Ashish
It's KB921599 - just in case you didn't find it.

- Ashish
