[Freeipa-users] Local users/groups to IPA Transition

Baird, Josh jbaird at follett.com
Thu Jul 31 14:45:19 UTC 2014


> I wouldn't recommend duplicating your users, pick one and use that. If you
> want to be able to manage your users, groups, HBAC, sudo, etc.
> centrally then you'll want the users in IPA. But if you leave them locally you
> may end up with corner case problems.
> 
> If you *do* end up adding your local users to IPA then yeah, you've got a
> decision to make. Either you use the existing UID/GID which is probably fine
> (though you may want to look at adding a local range) or you let IPA assign a
> new UID from its own range, then you have to quickly change file ownership
> on all enrolled systems.
> 

Well, the users are definitely going to be in IPA (or AD via IPA).  However, they *will* exist in both IPA and locally during the migration period.  If they have the same UID/GIDs in both places (local and IPA), then I will need to prefer IPA to 'files' in nsswitch.conf.  The main reason I want to duplicate the local UID/GIDs in IPA is to retain file permissions.

Josh
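
Added example, not part of the original message or of FreeIPA: a pre-migration check that compares local accounts with their IPA counterparts and flags the cases where file ownership would change, or where a local UID already belongs to a different IPA user. It assumes both sides are available as passwd(5)-format text; the function names and the sample accounts are constructed for illustration.

```python
# Constructed sample data in passwd(5) format (not from a real system).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
IPA_PASSWD = """\
alice:*:1001:1001:Alice:/home/alice:/bin/bash
bob:*:1874600004:1874600004:Bob:/home/bob:/bin/bash
dave:*:1003:1003:Dave:/home/dave:/bin/bash
"""

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue  # skip blank, comment and malformed lines
        try:
            entries[fields[0]] = (int(fields[2]), int(fields[3]))
        except ValueError:
            continue  # non-numeric UID/GID
    return entries

def compare(local, ipa):
    """Classify each local account against the IPA entries."""
    report = {"match": [], "id_mismatch": [], "uid_collision": [], "local_only": []}
    ipa_by_uid = {uid: name for name, (uid, _gid) in ipa.items()}
    for name, ids in sorted(local.items()):
        if name in ipa:
            # Same login name: ownership is retained only if UID and GID agree.
            report["match" if ipa[name] == ids else "id_mismatch"].append(name)
        elif ids[0] in ipa_by_uid:
            # Different IPA user holds this UID and would own the local user's files.
            report["uid_collision"].append((name, ipa_by_uid[ids[0]]))
        else:
            report["local_only"].append(name)
    return report

if __name__ == "__main__":
    result = compare(parse_passwd(LOCAL_PASSWD), parse_passwd(IPA_PASSWD))
    for category, names in result.items():
        print(f"{category}: {names}")
```

Accounts reported under `id_mismatch` or `uid_collision` are the ones to resolve before IPA is preferred over 'files' in nsswitch.conf.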



