Bind Secondary Groups to Active Directory w/ Unix Extensions

Solution 1:

It sounds like you have the user records' gid attribute mapped, but not the group records' gid. You can check this from the command line with dsconfigad:

$ sudo dsconfigad -show
[...]
Advanced Options - Mappings
  Mapping UID to attribute       = uidNumber
  Mapping user GID to attribute  = gidNumber
  Mapping group GID to attribute = gidNumber
  Generate Kerberos authority    = Enabled
[...]

Note the "Mapping group GID to attribute = gidNumber" -- that's what I think you're missing. You can set it from the command line with sudo dsconfigad -ggid gidNumber, or with the GUI program /System/Library/CoreServices/Directory Utility.app (click the padlock to authenticate as admin, double-click the Active Directory connector, click the triangle to "Show Advanced Options", click the Mappings tab, then enable "Map group GID to attribute" and set it to "gidNumber").
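
The check described in the answer above, as an added shell example that is not part of the original answer: it reads `dsconfigad -show` output on stdin and reports any of the three mappings that is absent or not mapped to the expected attribute. The function names are hypothetical, and the sample output (including the "not set" wording) is constructed for illustration.

```shell
#!/bin/sh
# Audit the Unix-attribute mappings shown by `dsconfigad -show`.
# Prints one line per mapping that is missing or has an unexpected value.
# Exit status: 0 if all three mappings match, 1 otherwise.
check_ad_mappings() {
    awk -F' *= *' '
        BEGIN {
            # Expected values, taken from the output quoted in the answer.
            want["Mapping UID to attribute"]       = "uidNumber"
            want["Mapping user GID to attribute"]  = "gidNumber"
            want["Mapping group GID to attribute"] = "gidNumber"
        }
        {
            key = $1
            sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
            if (key in want) {
                seen[key] = 1
                val = $2
                sub(/[ \t\r]+$/, "", val)
                if (val != want[key]) {
                    printf "%s: found \"%s\", expected %s\n", key, val, want[key]
                    bad = 1
                }
            }
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "%s: not present in output\n", k
                bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: a host where users are mapped but groups are not.
sample_missing_group_gid() {
    cat <<'EOF'
Advanced Options - Mappings
  Mapping UID to attribute       = uidNumber
  Mapping user GID to attribute  = gidNumber
  Mapping group GID to attribute = not set
  Generate Kerberos authority    = Enabled
EOF
}

# Demonstration on the constructed sample; on a bound Mac use:
#   sudo dsconfigad -show | check_ad_mappings
sample_missing_group_gid | check_ad_mappings || echo "mapping check failed"
```

A non-zero exit status makes the function usable as a compliance check across a fleet, where a missing group GID mapping means secondary group memberships from the directory will not resolve to the expected numeric IDs.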