[Freeipa-users] Local users/groups to IPA Transition
Baird, Josh
jbaird at follett.com
Wed Jul 30 14:58:15 UTC 2014
Hi,
We are evaluating RHEL7 IdM (FreeIPA 3.3) for identity management for our UNIX infrastructure. All of our Linux hosts currently have standard and consistent UID/GIDs for at least all of our administrative users. I'm looking for advice on how to migrate these users into IPA.
Since we already have consistent UID/GID numbering for our local users, would it be advisable to use these same UID/GIDs for the IPA users? The local users and groups with the same UID/GIDs would still exist on the host during the IPA transition. I assume that if we decided to do this, we would need to modify /etc/nsswitch.conf on each host so "sss" is queried before "files" for passwd/shadow/group.
Eventually we plan to configure a kerberos trust with our AD domain where we could configure these UID/GIDs via AD's POSIX UID/GID settings.
How have others handled local to IPA migrations? Any advice or input would be greatly appreciated.
Thanks,
Josh
More information about the Freeipa-users
mailing list