[Freeipa-users] Lesson learned: don't do this.
KodaK
sakodak at gmail.com
Wed Nov 20 21:56:48 UTC 2013
Just wanted to pass along an issue I just had.

We have some legacy local users on some boxes, and we need to have a mix of
those local users and IPA users in the same groups.

In order for that to happen (at least on AIX) I need to create a group in
IPA with the GID of the local group. This can be a problem because the GID
may be used by different groups on different boxes (we inherited this mess.)

To organize this, I would create groups like this in IPA:

host1-foogroup:208
host2-bargroup:208
host3-bazgroup:208

This worked, until I added a fourth group with the same GID. AIX stopped
allowing members of 208 to connect to any hosts.

I was forced to move them all into a single group and abandon my attempts
at organization.

This was hard to find, but obvious in retrospect.
--
The government is going to read our mail anyway, might as well make it
tough for them. GPG Public key ID: B6A1A7C6
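
Added example, not part of the original post: a small audit that finds GIDs shared by more than one group name, the condition described above, and shows the combined membership a host sees when it resolves access by numeric GID. It assumes input lines in the name:password:gid:members format; the member names and the fourth group name (host4-quxgroup) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in group(5) format (name:password:gid:members).
# The first three group names come from the post; host4-quxgroup and
# all member names are made up for this example.
SAMPLE = """\
host1-foogroup:*:208:alice,bob
host2-bargroup:*:208:carol
host3-bazgroup:*:208:
host4-quxgroup:*:208:alice,dave
admins:*:1000:erin
# comment and malformed lines are skipped
broken-line
"""


def parse_groups(text):
    """Yield (name, gid, members) for each well-formed group line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # not a usable group entry
        members = fields[3].split(",") if len(fields) > 3 and fields[3] else []
        yield fields[0], int(fields[2]), members


def gid_collisions(text):
    """Return {gid: {"names": [...], "members": [...]}} for shared GIDs."""
    by_gid = defaultdict(lambda: {"names": [], "members": set()})
    for name, gid, members in parse_groups(text):
        by_gid[gid]["names"].append(name)
        by_gid[gid]["members"].update(members)
    return {
        gid: {"names": sorted(e["names"]), "members": sorted(e["members"])}
        for gid, e in by_gid.items()
        if len(e["names"]) > 1  # only GIDs carried by several group names
    }


if __name__ == "__main__":
    for gid, entry in sorted(gid_collisions(SAMPLE).items()):
        print(f"GID {gid}: {len(entry['names'])} groups {entry['names']}")
        print(f"  combined members: {entry['members']}")
```

Running an audit like this before adding another same-GID group shows which group names already share the number and whose access would be affected together.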