[Freeipa-users] ID Views without AD

Mike Kelly pioto at pioto.org
Wed Feb 10 05:16:59 UTC 2016


Hi,

I'm attempting to use ID Views as a shim, to allow me to have an existing
host work with FreeIPA without having to re-chown many many files.

Here's my basic strategy, and where things seem to be failing:

For any truly local groups (e.g. for specific local services), I continue
to manage those in /etc/groups.

For any users, they should be managed in FreeIPA, especially the password
and SSH Pubkeys. But, they should continue to appear with their old UIDs
and GIDs on the server. This means the user doesn't exist in /etc/passwd or
/etc/shadow anymore (or the local password would be used, as I understand
it).

An ID View is created, applied to this host, and has a user override added
to override the UID and GID of the user.

But, when I do this, I continue to see the usual UID and GID in the output
of `id $USER`, etc., even after running `sss_cache -E` and `systemctl
restart sssd`.

Is there some extra logging I can turn on to see why this ID View isn't
being applied like I would expect? Or perhaps some extra bit of
configuration I missed?

I'm running a pair of CentOS 7 boxes, one acting as the FreeIPA server, and
the other is the "legacy" box I want to shim FreeIPA into...

Thanks.
-- 

Mike Kelly