[Freeipa-users] Switch sudoers to IPA

deepak dimri deepak.dimri2016 at gmail.com
Thu Mar 2 16:20:41 UTC 2017


Hi Jakub, Actually that is what I am doing. I am creating the user with the
same UID in IPA and then if I delete the user locally then I can
authenticate via IPA. Is there any way I can do this without deleting the
user? This is just to use the same GID and avoid recreation of
home/directories.

Many Thanks for your response!

Regards,
Deepak

On Thu, Mar 2, 2017 at 8:40 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Thu, Mar 02, 2017 at 07:09:41PM +0530, deepak dimri wrote:
> > Hi List,
> >
> > I have sudo and normal users accessing linux systems using their private
> > key without IPA. I have IPA fully functioning and now I want to switch the
> > users from local file login to IPA.
> >
> > Any new user I create in IPA can SSH into ipa client jump boxes fine. I
> > want to know how I can migrate existing local sudoers users to IPA. This
> > is what I have done to achieve this:
> >
> > 1 - Created a new user in IPA with the same name as I have in Jumpbox.
> > 2 - Added the public key of that user in IPA.
> > 3 - Added the user to jumpbox_usergroup as my sshd.conf forces the users of
> > this group to authenticate against the pam/sssd
> >
> > Now when I try to ssh into jumpbox as I was doing before I still log
> > into the jumpbox via unix pam and not IPA. What should I be doing so that
> > the "existing" local unix users can log in via IPA?
>
> But do you need to keep the local users around? Why not create the IPA
> user with the same UID as the local user and remove the local user?
>
> Typically, if there is a user both in the local files and a remote
> source, the system (as configured in nsswitch.conf) would first return
> the local user and the PAM stack then only authenticates this user using
> pam_unix.so


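
Added example, not part of the original thread: a pre-migration check that lists accounts defined both locally and in IPA, which is the case where a `files`-first nsswitch.conf returns the local entry, and flags UID/GID differences that would affect home directory ownership. The function names and all sample data are constructed; on a real client the IPA entries are assumed to be collected per user with `getent -s sss passwd NAME`.

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample data.
# First source listed on the "passwd:" line of an nsswitch.conf-style file.
passwd_first_source() {
    awk '$1 == "passwd:" { print $2; exit }' "$1"
}

# Names present in both passwd-format files ($1 = local, $2 = IPA entries).
# Output per line: name local_uid:gid ipa_uid:gid same-ids|DIFFERENT-ids
shadowed_users() {
    awk -F: '
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && NF >= 4) ids[$1] = $3 ":" $4; next }
        ($1 in ids) {
            r = $3 ":" $4
            print $1, ids[$1], r, (ids[$1] == r ? "same-ids" : "DIFFERENT-ids")
        }
    ' "$1" "$2"
}

# Constructed sample files standing in for /etc/nsswitch.conf, /etc/passwd
# and the entries returned by the IPA (sss) source.
tmp=$(mktemp -d)
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd:     files sss
EOF
cat > "$tmp/passwd.local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
cat > "$tmp/passwd.ipa" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/bash
bob:*:1388200004:1388200004:Bob:/home/bob:/bin/bash
carol:*:1388200005:1388200005:Carol:/home/carol:/bin/bash
EOF

if [ "$(passwd_first_source "$tmp/nsswitch.conf")" = "files" ]; then
    echo "files is consulted first; these IPA users resolve to the local entry:"
    shadowed_users "$tmp/passwd.local" "$tmp/passwd.ipa"
fi
```

Accounts reported with `DIFFERENT-ids` would need their files re-owned, or the IPA user recreated with the local UID, before the local entry is removed.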