Thanks, That was the problem.
[root@ipa01 ~]# ipa automember-default-group-show Grouping Type: group Default (fallback) Group: cn=admins,cn=groups,cn=accounts,dc=m451,dc=tech [root@ipa01 ~] Removed that and problem has been fixed. Thanks much! On Fri, Jun 2, 2017 at 11:20 AM, <wouter.hummel...@kpn.com> wrote: > Look at automember rules. > > > > Verzonden vanaf mijn Samsung-apparaat > > > -------- Oorspronkelijk bericht -------- > Van: Devin Acosta via FreeIPA-users <freeipa-users@lists.fedorahosted.org> > > Datum: 02-06-17 20:13 (GMT+01:00) > Aan: Rob Crittenden <rcrit...@redhat.com> > Cc: FreeIPA users list <freeipa-users@lists.fedorahosted.org>, Devin > Acosta <linuxguru...@gmail.com> > Onderwerp: [Freeipa-users] Re: FreeIPA (adding all new users to admin > group by default?) > > > Rob, > > That is what confuses me, I show that the default users group is > "ipausers", however when I added an account which I just tested it added to > admins group. Anything else that could be making it add it to the "admin" > group? > > [root@ipa01 ~]# ipa config-show > Maximum username length: 32 > Home directory base: /home > Default shell: /bin/bash > * Default users group: ipausers* > Default e-mail domain: m451.tech > Search time limit: 2 > Search size limit: -1 > User search fields: uid,givenname,sn,telephonenumber,ou,title > Group search fields: cn,description > Enable migration mode: FALSE > Certificate Subject base: O=M451.TECH > Password Expiration Notification (days): 4 > Password plugin features: AllowNThash > SELinux user map order: guest_u:s0$xguest_u:s0$user_u: > s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > Default SELinux user: unconfined_u:s0-s0:c0.c1023 > Default PAC types: nfs:NONE, MS-PAC > > [root@ipa01 ~]# ipa user-add testuser-devin > First name: Devin > Last name: Acosta > --------------------------- > Added user "testuser-devin" > --------------------------- > User login: testuser-devin > First name: Devin > Last name: Acosta > Full name: Devin Acosta > Display name: Devin Acosta > Initials: DA > Home directory: /home/testuser-devin > GECOS: Devin Acosta > Login shell: /bin/bash > Principal name: testuser-de...@m451.tech > Principal alias: testuser-de...@m451.tech > Email address: testuser-de...@m451.tech > UID: 34375527 > GID: 34375527 > Password: False > *Member of groups: ipausers, admins* > Roles: IT Security Specialist, sec_netops2, helpdesk, IT Specialist, > User Administrator, Security Architect, ipa_join > Indirect Member of role: ipa_join, helpdesk, IT Security Specialist, > sec_netops2, IT Specialist, Security Architect, User Administrator > Kerberos keys available: False > > On Fri, Jun 2, 2017 at 11:02 AM, Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Devin Acosta via FreeIPA-users wrote: >> > >> > I am hoping to see if someone can tell me what I either need to change >> > or update to get it so that FreeIPA doesn't automatically keep adding >> > all new users that is created automatically to the admin group. I >> > inherited this installation of FreeIPA and so far haven't been able to >> > figure out what either got changed or how to disable this behavior? I am >> > running the latest FreeIPA 4.4 on CentOS 7.3. >> > >> > Any help would be greatly appreciated. >> >> Probably the default users group. Try: >> >> $ kinit admin >> $ ipa config-show |grep 'Default users group' >> >> Can be changed using: >> >> $ ipa config-mod --defaultgroup ipausers >> >> You can probably do this in the UI as well but I'm a CLI guy. >> >> rob >> > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org