[Freeipa-users] ipa user-add

george he george_he7 at yahoo.com
Fri Jun 22 03:11:17 UTC 2012


Hello Rich,
Thanks for the help. This does remove the group so I can add the user back.
But when I try to ssh, as that user, to the machines that the user logged on before "ipa user-del", I get "permission denied".
I removed the user's home directory because it still belongs to the deleted UID:GID. After that I still get "permission denied".
Any suggestions?
Thanks again,
George



> From: Rich Megginson <rmeggins at redhat.com>
>To: george he <george_he7 at yahoo.com> 
>Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
>Sent: Thursday, June 21, 2012 2:43 PM
>Subject: Re: [Freeipa-users] ipa user-add
> 
>
>On 06/21/2012 12:25 PM, george he wrote:
>>Hello all,
>>
>>
>>After the server and the client are installed, I run
>>
>>
>>ipa user-add myname
>>
>>
>>
>>to add users. The users are added successfully, but each user gets his own GID, which is the same as his UID, even though "ipa config-show --all" shows
>>
>>  Default users group: ipausers
>>
>>
>>
>>How do I put all new users into this ipausers group? If I use --gidnumber=INT, how do I find out the GID of the ipausers group?
>>
>>
>>I tried to delete a user using "ipa user-del myname", but the private group myname is left there. So I did the following:
>>
>>
>>
>># ipa group-del myname
>>ipa: ERROR: Deleting a managed group is not allowed. It must be detached first.
>># ipa group-detach myname
>>ipa: ERROR: myname: group not found
>>
>># ipa user-add myname
>>First name: myfirstname
>>Last name: mylastname
>>ipa: ERROR: Unable to create private group. A group 'myname' already exists.
>>
>>
>>How do I get out of this loop?
>What is your platform and 389-ds-base version?
>
>I'm not familiar with group-detach, but you can manually detach and remove the private group using ldapsearch and ldapmodify:
>
>assuming you have done kinit admin:
>1) ldapsearch -LLL -Y GSSAPI cn=myname dn
>This will give you the DN of the group - ignore any entries in the compat tree
>
>2) ldapmodify -Y GSSAPI <<EOF
>dn: DN of the group from ldapsearch
>changetype: modify
>delete: objectclass
>objectclass: mepManagedEntry
>-
>delete: mepManagedBy
>-
>
>dn: DN of the group from ldapsearch
>changetype: delete
>EOF
>
>This will remove the private group.
>
>
>>
>>Thanks,
>>George
>>
>>
>>
>>