UIDs on UCS DC and UCS Member Server for a User Don't Match UID on CentOS SSSD-joined Client

I am trying to set up access to an NFS share on the UCS member server for a CentOS client. The client is joined with SSSD to the domain.

The user with POSIX ACL permissions to the NFS share shows up as UID 2006 on both UCS machines.

The nfs4_getfacl command shows the UID of 2006 on the mounted NFS share, but the user isn’t UID 2006 on the CentOS system; it is 1209601121.

Thus, I get permission errors when trying to access the files. Any ideas?

The addition to the realm join command:

realm join --automatic-id-mapping=no -v -U Administrator dom.domain.local

Bold is the change I performed to get the UIDs working on both ends. The id command now also shows the same UID on the CentOS system as on the UCS member system.

That addition adds ldap_id_mapping = False to /etc/sssd/sssd.conf under the [domain/dom.domain.local] section. If adding that later (in other words, if the machine is already joined), you also need to clear the SSSD cache (?) with something like rm /var/lib/sss/db/*

Will confirm shortly if this resolved NFS issues. Ideally I’d like Kerberos working with NFSv4, but that’s a different problem.
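
Added example, not part of the original post: a shell check that reads an sssd.conf and reports whether a domain section takes UIDs from the directory's POSIX attributes or from SSSD's automatic ID mapping, which is the setting the post changes. The function names, the output labels and the sample config are constructed for illustration; the fallback used when the option is absent follows the defaults documented in sssd-ad(5) and sssd-ldap(5).

```shell
#!/usr/bin/env bash
# Hypothetical helpers (not from the post): inspect one [domain/<name>] section.

# sssd_domain_opt <conf> <domain> <key>
# Prints the lower-cased value of <key> in that section, or "unset".
sssd_domain_opt() {
    awk -v want="[domain/$2]" -v key="$3" '
        /^[ \t]*\[/ {                      # any section header opens or closes ours
            hdr = $0; gsub(/^[ \t]+|[ \t]+$/, "", hdr)
            in_sec = (hdr == want); next
        }
        in_sec && /=/ {                    # key = value line inside our section
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) found = tolower(v)   # commented-out keys never match
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# sssd_uid_source <conf> <domain>
# "posix-attributes": UIDs come from the directory (2006 in the post).
# "sid-mapped": UIDs are derived from the SID (1209601121 in the post).
sssd_uid_source() {
    mapping=$(sssd_domain_opt "$1" "$2" ldap_id_mapping)
    provider=$(sssd_domain_opt "$1" "$2" id_provider)
    case "$mapping" in
        false) echo "posix-attributes" ;;
        true)  echo "sid-mapped" ;;
        *)     # option absent: the AD provider maps by default, plain LDAP does not
               if [ "$provider" = "ad" ]; then echo "sid-mapped"
               else echo "posix-attributes"; fi ;;
    esac
}

# Constructed sample of the section after joining with --automatic-id-mapping=no
# (id_provider = ad is an assumption about what realm writes for this domain).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = dom.domain.local

[domain/dom.domain.local]
id_provider = ad
ldap_id_mapping = False
EOF
echo "UID source: $(sssd_uid_source "$sample" dom.domain.local)"
rm -f "$sample"
```

On a joined client, point the function at /etc/sssd/sssd.conf (readable by root only) and compare the result with what `id` reports for the user.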
