We're working on a case in an all-Windows environment where a new installation
involves 10 Linux servers (all SLES 11 SP2).
In order to manage the SLES servers, we wanna integrate the servers with Active
Directory. By using YaST|Windows Domain Membership we've already done this.
And we've limited ssh to only allow members of certain AD groups to log in.
We've also tied sudo to AD groups, so that depending on what AD groups the user
is a member of, he may perform various commands through sudo.
The problem we're seeing is that this integration actually gives AD users different
UIDs on different servers. Since the UIDs begin at 10000 it depends on which AD
user first authenticates to a server. The first AD user to authenticate gets UID=10000,
the next AD user gets 10001, and so on. This can end up with different users
having UID 10000 on different servers.
In order to be able to track user activity it's vital that all AD users have the same
UID on all servers. How may we achieve this? If at all possible we'd like to avoid
having to make any changes to AD Schema and not install any additional
components on the Domain Controllers. Is there any way to achieve this by using
only what's available in SLES?
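
To see how far the first-come UID allocation described above has already diverged, the following added example (not part of the original post) compares passwd-format dumps from each server and reports accounts whose UID differs between hosts and UIDs that belong to different accounts. The `<host>.passwd` file naming, the host names and the sample accounts are assumptions; the 10000 threshold is the starting UID mentioned in the post.

```shell
#!/bin/sh
# Added example: find UID drift in passwd(5)-format dumps, one file per host.
# Each <host>.passwd file holds lines such as those printed by
# `getent passwd <user>` on that server (file naming is an assumption).

# make_sample DIR: write constructed data for three hypothetical hosts.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:*:10000:10000::/home/alice:/bin/bash' \
        'bob:*:10001:10000::/home/bob:/bin/bash' > "$1/srv1.passwd"
    printf '%s\n' 'bob:*:10000:10000::/home/bob:/bin/bash' \
        'alice:*:10001:10000::/home/alice:/bin/bash' \
        'carol:*:10002:10000::/home/carol:/bin/bash' > "$1/srv2.passwd"
    printf '%s\n' 'alice:*:10000:10000::/home/alice:/bin/bash' \
        'bob:*:10001:10000::/home/bob:/bin/bash' \
        'carol:*:10002:10000::/home/carol:/bin/bash' > "$1/srv3.passwd"
}

# uid_drift DIR: print "MISMATCH user host=uid ..." for each account whose UID
# differs between hosts, and "COLLISION uid host=user ..." for each UID that
# is held by different accounts on different hosts.
uid_drift() {
    for f in "$1"/*.passwd; do
        [ -f "$f" ] || continue
        host=$(basename "$f" .passwd)
        # Keep only dynamically mapped accounts (UID >= 10000): host, user, uid.
        awk -F: -v OFS='\t' -v h="$host" '$3 >= 10000 { print h, $1, $3 }' "$f"
    done | LC_ALL=C sort | awk -F'\t' '
        {
            byuser[$2] = byuser[$2] " " $1 "=" $3
            byuid[$3]  = byuid[$3]  " " $1 "=" $2
            if (($2 in uid_of)  && uid_of[$2]  != $3) baduser[$2] = 1
            if (($3 in user_of) && user_of[$3] != $2) baduid[$3]  = 1
            uid_of[$2] = $3; user_of[$3] = $2
        }
        END {
            for (u in baduser) print "MISMATCH", u byuser[u]
            for (i in baduid)  print "COLLISION", i byuid[i]
        }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
uid_drift "$sample"
rm -rf "$sample"
```

A COLLISION line is the case that matters for activity tracking: the same numeric UID in file ownership or audit records refers to a different person depending on the server.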