Hello, I have 5 servers. The users of all servers are created locally. All users have Home. Now I will connect the servers to the FreeIPA server to enable them to log in with the users I have created in FreeIPA. However, how will the users' home folders that were created in the past match the user created in FreeIPA? Or will the users need to delete their home folders to be created again?
If I need to delete the home folders of the users, I will need to back up the data of all users. This is a huge workload.
Thank you for support.
Alper AYKUT via FreeIPA-users wrote:
> Hello, I have 5 servers. The users of all servers are created locally. All users have Home. Now I will connect the servers to the FreeIPA server to enable them to log in with the users I have created in FreeIPA. However, how will the users' home folders that were created in the past match the user created in FreeIPA? Or will the users need to delete their home folders to be created again?
> If I need to delete the home folders of the users, I will need to back up the data of all users. This is a huge workload.
Let me restate the problem.
You have 5 servers with local users on them with their own uid/gid. I assume it's even possible that a user on server A has a different uid/gid than system B-E, right?
Now you want to introduce IPA to manage users and the IPA users have different uid/gid from the local users on the various servers and you want to preserve their data.
If that is correct then you'll need to find all files owned by the local uid and/or gid and chown/chgrp them to the IPA equivalent.
The find command can be helpful to identify all affected files using the -uid or -gid option. The -exec option can be used to call chown or chgrp to update the ownership.
I'd recommend searching from root (/) and not just /home in order to catch files in various tmp directories or other hidden-away locations.
Depending on how many users you're talking about, particularly if there is a mixed bag between systems, this is going to take a while either way.
Note that this centralization is one of the benefits that IPA brings. It's just painful to move to from a distributed setup. It should be a one-time pain though.
rob
Hi, if I need to explain through my A server:
There are about 30 locally running users in my A server. These users have their own home directories. Example:
username.surname /home/username.surname
username1.surname1 /home/username1.surname1
username2.surname2 /home/username2.surname2
Now I have recreated and centralised the users of my server A to FreeIPA.
Now when users connect to my A server, they will connect with usernames created centrally on FreeIPA, and the usernames I created in FreeIPA are the same as the usernames they used to work locally.
Now my problem is that when I create a new user in FreeIPA it gives a new uid and gid number. When my users connect to server A, how will they connect to their homes, which they use locally, for example /home/username.surname, with a different uid and gid number?
Briefly, what is the method of connecting to my own /home/username.surname without conflicting with the usernames that I have created and centralised with /home/username.surname names FreeIPA, which was created locally on my A server? Can it conflict? If it conflicts, before connecting server A to FreeIPA, should I tell my users to back up their /home/username.surname folders, delete all local home folders, and that home folders will be automatically recreated when they enter with usernames centralised with FreeIPA?
I hope I'm not too confusing.
Thank you for support.
Alper AYKUT wrote:
> Hi, if I need to explain through my A server:
> There are about 30 locally running users in my A server. These users have their own home directories. Example:
> username.surname /home/username.surname
> username1.surname1 /home/username1.surname1
> username2.surname2 /home/username2.surname2
> Now I have recreated and centralised the users of my server A to FreeIPA.
> Now when users connect to my A server, they will connect with usernames created centrally on FreeIPA, and the usernames I created in FreeIPA are the same as the usernames they used to work locally.
> Now my problem is that when I create a new user in FreeIPA it gives a new uid and gid number. When my users connect to server A, how will they connect to their homes, which they use locally, for example /home/username.surname, with a different uid and gid number?
> Briefly, what is the method of connecting to my own /home/username.surname without conflicting with the usernames that I have created and centralised with /home/username.surname names FreeIPA, which was created locally on my A server? Can it conflict? If it conflicts, before connecting server A to FreeIPA, should I tell my users to back up their /home/username.surname folders, delete all local home folders, and that home folders will be automatically recreated when they enter with usernames centralised with FreeIPA?
> I hope I'm not too confusing.
IPA isn't going to try to delete or create a new home directory. You'll want to be sure that the homedirectory value in IPA matches the format you're currently using. It sounds like it will.
But if the UID/GID are different between the original local users and the IPA users then you'll need to reset the ownership to match IPA prior to them logging in. Otherwise they won't have read permission to their home directory and will be dropped in /.
Backing things up is probably a good idea in general before doing mass ownership changes.
You can test this by adding a new local user, create the homedir and drop a few files into it, then add the same user to IPA, then try to log in.
rob
On Thu, Jan 11, 2024 at 6:56 PM Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> IPA isn't going to try to delete or create a new home directory. You'll want to be sure that the homedirectory value in IPA matches the format you're currently using. It sounds like it will.
> But if the UID/GID are different between the original local users and the IPA users then you'll need to reset the ownership to match IPA prior to them logging in. Otherwise they won't have read permission to their home directory and will be dropped in /.
I had this issue this week, and that's exactly what happened.
Changing ownership to the new uid/gid fixed the problem. (Fortunately, in my case, it was only a few users.)
Rafael
> Backing things up is probably a good idea in general before doing mass ownership changes.
> You can test this by adding a new local user, create the homedir and drop a few files into it, then add the same user to IPA, then try to log in.
> rob
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
On 11-01-2024 22:56, Rob Crittenden via FreeIPA-users wrote:
> IPA isn't going to try to delete or create a new home directory. You'll want to be sure that the homedirectory value in IPA matches the format you're currently using. It sounds like it will.
> But if the UID/GID are different between the original local users and the IPA users then you'll need to reset the ownership to match IPA prior to them logging in. Otherwise they won't have read permission to their home directory and will be dropped in /.
> Backing things up is probably a good idea in general before doing mass ownership changes.
> You can test this by adding a new local user, create the homedir and drop a few files into it, then add the same user to IPA, then try to log in.
> rob
Just a note in case you didn't think about it. You have to remove all your IPA users from the local /etc/passwd, /etc/group etc. Still, you need to have a copy of these files around, because you need to chown/chgrp with the uid/gid (numerical). Only after the IPA users/groups have been removed from /etc and after doing the find/chown tricks the users can login again.
--
Kees
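The find/chown remap Rob describes, combined with Kees's point that the numeric IDs have to come from a saved copy of the old /etc/passwd, as an added example that is not part of any message in the thread. The file names, the `name:uid:gid` input format and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumed inputs (hypothetical names):
#   OLD_PASSWD  saved copy of the pre-migration /etc/passwd
#   NEW_IDS     "name:uid:gid" lines holding the IDs each user has in IPA

# Print "name old_uid new_uid old_gid new_gid" for every user whose IDs changed.
plan_remap() {  # usage: plan_remap OLD_PASSWD NEW_IDS
    awk -F: '
        NR == FNR { uid[$1] = $3; gid[$1] = $4; next }
        ($1 in uid) && (uid[$1] != $2 || gid[$1] != $3) {
            print $1, uid[$1], $2, gid[$1], $3
        }' "$1" "$2"
}

# Read a plan on stdin; fail if a new UID is also another user's old UID.
# Remapping users one after another would then re-own already migrated files.
check_overlap() {
    awk '{ was[$2] = $1; now[$3] = $1 }
         END { for (u in now) if ((u in was) && was[u] != now[u]) {
                   print "overlap on uid " u; bad = 1 }
               exit bad + 0 }'
}

# Dry run (default): list what is owned by the old IDs under ROOT.
# With "apply": re-own it. -xdev keeps find on one filesystem, so run it once
# per local filesystem; -h changes a symlink itself, not the file it points to.
remap_owner() {  # usage: remap_owner ROOT OLD_UID NEW_UID OLD_GID NEW_GID [apply]
    local root=$1 ouid=$2 nuid=$3 ogid=$4 ngid=$5 mode=${6:-dry-run}
    if [ "$mode" = apply ]; then
        find "$root" -xdev -uid "$ouid" -exec chown -h "$nuid" {} +
        find "$root" -xdev -gid "$ogid" -exec chgrp -h "$ngid" {} +
    else
        find "$root" -xdev \( -uid "$ouid" -o -gid "$ogid" \) -print
    fi
}

# Typical sequence, as root, before the users log in again:
#   plan_remap /root/passwd.pre-ipa /root/ipa.ids > /root/remap.plan
#   check_overlap < /root/remap.plan || exit 1
#   while read -r name ouid nuid ogid ngid; do
#       remap_owner / "$ouid" "$nuid" "$ogid" "$ngid" apply
#   done < /root/remap.plan
```

Run the dry-run form first and review the listing before passing `apply`.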