UID & GID Mapping on Centrify
12-03-2018 08:35 PM
Currently I’m using centrify for AD authentication for linux severs. I need to get list of all the UID and GID with associate to centrify and is there any documentation to learn how uid and gid map between AD and linux severs
12-04-2018 06:29 AM
Welcome to the Centrify forums. You are posting in the Express forum. If you're using our commercial options, see commercial below. If you're using Centrify Express then use:
adquery user > lists all Centrify-enabled users (all users from local and trusted domains in Express) in UNIX user format.
adquery group > lists all Centrify-enabled groups (all AD groups from local and trusted domains in Express) in UNIX user format.
This is because the identities of users and groups are generated on the fly using either the Centrify or Apple UID/GID schemes. For custom identity management like UID/GID mapping, refer to the commercial product.
For more info on Centrify CLI commands, check this oldie but goodie:
- Centrify CLI: same methods as above (for a simple host).
- Centrify Report Services (preferred) - Use the Access Manager Report (User and Group Reports)
More info: https://docs.centrify.com/en/css/2018-html/index.html#page/Reporting/What_Centrify_report_services_p...
- Access Manager GUI
Open the Zone(s) in question, UNIX Data > Users or Group > Export List.
More info: https://docs.centrify.com/en/css/2018-html/index.html#page/Planning,_preparation,_and_deployment/uni...
- PowerShell and AD Edit
Here's a quick PowerShell one-liner that displays all users from a zone called 'Global'
Get-CdmUserProfile -Zone (Get-Zone -Name 'Global') | Select-Object Name, Uid, PrimaryGroupID, Shell, HomeDirectory, Gecos | Out-GridviewProduces this output
For Group Profiles, use Get-CdmGroupProfile
- ADEdit - https://docs.centrify.com/en/css/2018-html/index.html#page/ADEdit_scripting/What_ADEdit_provides.3.h...
- Centrify Access PowerShell - https://docs.centrify.com/en/css/2018-html/index.html#page/Access_control_and_privilege_management_w...
I hope this helps.
12-04-2018 10:28 PM
Thank you for the details explanation. I got the existing UID and GID list from one of my linux server. And I have notice some entries have without username. AnyIdea what are that entries
- 00008872f764:x:1053044709: 1053044709:00008571f364:/home/00008571f364:/bin/bash
12-05-2018 05:00 AM
That requires familiarity with your environment.
Why not do an adquery user [username] -A to get more information?
From what the entry looks like the user name is 00008872f764