[Freeipa-users] [freeipa-users] How to manage Linux attributes for AD users (e.g. how do I set a shell for an AD User)

Jon three18ti at gmail.com
Thu Feb 4 19:24:38 UTC 2016


Hello,

How does one manage Linux attributes for AD users?  Primarily in my case,
I'm looking to change the default shell to either Bash or KSH depending on
the user.

I can create a .profile that either sources bash or ksh rcs... e.g.:

>> $ cat ~/.profile
>> bash ./.bashrc

This is really less than ideal and just seems like the wrong way to do it,
especially considering we have a tool like FreeIPA.

According to Microsoft
<http://blogs.technet.com/b/activedirectoryua/archive/2015/01/25/identity-management-for-unix-idmu-is-deprecated-in-windows-server.aspx>,
they are no longer supporting Identity Management for Unix.  Does FreeIPA
honor the attributes set by IDMU?  Even if it's deprecated, I suppose we
could continue to use it...

This previous FreeIPA thread
<https://www.redhat.com/archives/freeipa-users/2013-April/msg00007.html> seems
to indicate you can force the shell for anyone in the domain logging into
that machine, but we have some users who prefer one shell over the other.

I did what I believe to be standard: I created a security group in AD,
added that group to an external group in FreeIPA, then made an
internal group and added the external group as a member to the internal
group.  Unfortunately, this doesn't seem to expose any of the AD attributes
for management.  Or maybe I'm just misunderstanding...

Any thoughts?  How are you managing individual AD user settings?

Thanks,
Jon A