[Freeipa-users] AD user intergration with IPA

Dmitri Pal dpal at redhat.com
Mon Jan 11 15:50:22 UTC 2010 

Shan Kumaraswamy wrote:
> Simo,
> Thanks for your mail, we already installed and configured freeIPA in
> please, but my admin group asking one AD user will have complete root
> priviliage and log in to entire RHEL infrastrcuture, and RHEL servers
> local root will be disabled. So only one user will be login and do any
> changes, rest of the local system users will be disabled.
>  
This centrally managed IPA user should be given privileges via sudo as
Simo pointed out.
Then local users can be disabled (or better use long and strong
passwords just in case you need to do some recovery work at the console).
If you are concerned about the case when the client can get offline then
consider using SSSD on the client.

Thanks
Dmitri
> Regards,
> Shan Kumaraswamy
>
> On Mon, Jan 11, 2010 at 4:49 PM, Simo Sorce <ssorce at redhat.com
> <mailto:ssorce at redhat.com>> wrote:
>
>     On Mon, 11 Jan 2010 10:58:17 +0300
>     Shan Kumaraswamy <shan.sysadm at gmail.com
>     <mailto:shan.sysadm at gmail.com>> wrote:
>
>     > Dear All,
>     >
>     > Can any of one could provide me the detail steps of how the AD
>     > accounts would be granted root privileges on RHEL servers using IPA?
>     >
>     > Thanks in Advance.
>     >
>     > Regards,
>     >
>     > Shan Kumaraswamy
>
>     The best way is to provide sudo access for the users you want to grant
>     root privs to.
>
>     Simo.
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> -- 
> Thanks & Regards
> Shan Kumaraswamy
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list