Mac Can't Retrieve Group GID's | ||||||
| posted by Tom Salciccia on Dec. 25, 2013, 3:13 p.m. (1 day ago) | ||||||
| ||||||
| Thread Tags: Mac OS X 10.8/10.9 Active Directory 2012 Group GID Retrieve | ||||||
| ||||||
I've got a bunch of Mac OS X 10.8 and 10.9 bound to Active Directory. They authenticate just fine. I have not installed SFU. I do not want to use NIS. AD 2012 has the RFC 2307 attributes already in place. In Active Directory, I have manually entered UID's and GID's in to User objects. The Mac clients retrieve User UID's and GID's from the user objects just fine based on the "Mappings" window in the Directory Utility. The problem I'm having is that I found that if I map the "Map group GID" option to the AD attribute "gidNumber", then NO group membership is retrieved from Active Directory 2102 "Member of" tab. If I do NOT map "Map group GID to attribute", then group membership IS retrieved from AD, except the Primary Group "Domain Users". But if I leave the item unmapped and the Mac's retrieve the group memberships, the Mac's do not retrieve the GID's I allocated to the Group Objects. They are apparently hashing some value and deriving their own numeric identifier for the groups of which the user is a member. Then this value is getting stamped onto a shared file system. Because this is a Mac-generated value, this will be a problem in a multi-platform environment. Has anyone out there seen this issue? Resolved it some how? I can't seem to find any documentation on it anywhere. |