Dear Martin, Thank you very much Kevin From: Martin Kosek <mkosek@redhat.com> To: KevinTang@umac.mo Cc: freeipa-users@redhat.com Date: 09/12/2013 03:29 PM Subject: Re: [Freeipa-users] [How to] Set UID, GID, HomeDir in Trust AD user <hr noshade> <tt>On 09/12/2013 09:16 AM, KevinTang@umac.mo wrote: > Dear all, > > I have two domain, one is Windows AD domain, another is IPA domain. Both > two domain already have two-ways trust, and Windows AD user can logon > under IPA Client PC successfully. > > Since user account in Windows AD can logon IPA Client PC, May I set UID, > GID, HomeDir for the user from Windows AD? If so, how should I do? Any > tutorial on web? > > Thanks > Kevin Tang > With a plain Active Directory and users signing from AD to FreeIPA Linux client, AD user will get automatically assigned UID and GID based on their Windows identification (SID). This should work fine. However, I think you cannot set custom home dir centrally, unless you configure "Services for Identity Management for UNIX" AD extension and FreeIPA to use it: Design page of the feature: </tt><a href=http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD><tt>http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD</tt></a><tt> Test day page (a.k.a. tutorials): </tt><a href="https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients"><tt>https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients</tt></a><tt> ... and particularly this part: </tt><a href=https://fedoraproject.org/wiki/QA:Testcase_freeipa_using_posix_attributes_in_ad><tt>https://fedoraproject.org/wiki/QA:Testcase_freeipa_using_posix_attributes_in_ad</tt></a><tt> If you do not want to use the extension, you could for example override the default home dir on FreeIPA clients e.g. with subdomain_homedir option of sssd.conf (man sssd.conf). HTH, Martin </tt>