[Freeipa-users] Mixing local FreeIPA users with active directory users
Dmitri Pal
dpal at redhat.com
Fri Nov 21 00:42:30 UTC 2014
On 11/20/2014 07:38 PM, William Muriithi wrote:
> Hi guys,
>
> I am wondering how one would go about allowing both AD users and
> FreeIPA users to work in harmony.
>
> I recently was able to get FreeIPA to use trust to service unix
> systems. However, I encountered resistance as some people didn't like
> the long username, for example,
> username@domain.local@dev1.example.com. So I created local accounts
> and forced everyone back to FreeIPA users.
>
> Some people didn't mind the name format and would prefer a single
> username everywhere. So now things are a bit cool, and I am investigating if
> these accounts can coexist, and would like it to be up to the users
> which account they will use.
>
> When I check id when logged in with an AD account, I don't see the
> group developer, but see developers@example.local. This is a problem
> since I can't assign files to two groups, something I need as they
> have files they all have to change. I also need both users to have SUDO
> access; this is fine as I can just duplicate SUDO commands, one for
> developers group and another for developers@example.local.
>
>
> How would one fix file sharing between ad and FreeIPA users?
>
> I don't think one can put a group within another group? Or am I wrong
> on that? Google results seem negative
>
> Thanks for advice
>
> William
>
>
>
Check this
http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust
I think you might want to consider views and override names there.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.