Am Wed, May 12, 2021 at 06:46:29AM -0000 schrieb iulian roman via FreeIPA-users:
Am Tue, May 11, 2021 at 03:09:54PM -0000 schrieb iulian roman via FreeIPA-users:
Hi,
can you give some more details about the group, where it comes from IPA or AD, and the GID, it is the original GID of the group or coming from an id-override as well?
Hi,
There is trust between IPA and AD (non-posix trust) . All AD users which have a uidNumber and gidNumber configured in AD have been added in 'Default Trust View' and idoverride configured for them (the uid and gid override is the same like the one in AD). The same AD users which are configured above are as well part of IPA posix groups via group membership (ex. ad_unix_users is member of ipa unix_users group) in order to configure sudo rules for them. On the ipa servers and replicas i can query/list attributes for all users, on ipa clients i can list users (via id <username> command) for which uid/gid is overridden _only_ after i manually run getent group <default_user_gid>. For the users which do not have uid and gid overriden it works correctly.
I do not know if explanation is clear, but if you need more information, please let me know.
Hi,
did you use the IPA 'unix_users' group as primary group for those users and given the GID of 'unix_users' in the id-overrides for the users? Or did you you a different group as primary group?
bye, Sumit
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure