> Am Tue, May 11, 2021 at 03:09:54PM -0000 schrieb iulian roman via > FreeIPA-users: > > Hi, > > can you give some more details about the group, where it comes from IPA > or AD, and the GID, it is the original GID of the group or coming from > an id-override as well? > Hi,
There is trust between IPA and AD (non-posix trust) . All AD users which have a uidNumber and gidNumber configured in AD have been added in 'Default Trust View' and idoverride configured for them (the uid and gid override is the same like the one in AD). The same AD users which are configured above are as well part of IPA posix groups via group membership (ex. ad_unix_users is member of ipa unix_users group) in order to configure sudo rules for them. On the ipa servers and replicas i can query/list attributes for all users, on ipa clients i can list users (via id <username> command) for which uid/gid is overridden _only_ after i manually run getent group <default_user_gid>. For the users which do not have uid and gid overriden it works correctly. I do not know if explanation is clear, but if you need more information, please let me know. > bye, > Sumit _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure