Am Wed, May 12, 2021 at 06:46:29AM -0000 schrieb iulian roman via FreeIPA-users: > > Am Tue, May 11, 2021 at 03:09:54PM -0000 schrieb iulian roman via > > FreeIPA-users: > > > > Hi, > > > > can you give some more details about the group, where it comes from IPA > > or AD, and the GID, it is the original GID of the group or coming from > > an id-override as well? > > > Hi, > > There is trust between IPA and AD (non-posix trust) . All AD users > which have a uidNumber and gidNumber configured in AD have been added > in 'Default Trust View' and idoverride configured for them (the uid > and gid override is the same like the one in AD). > The same AD users which are configured above are as well part of IPA > posix groups via group membership (ex. ad_unix_users is member of ipa > unix_users group) in order to configure sudo rules for them. > On the ipa servers and replicas i can query/list attributes for all > users, on ipa clients i can list users (via id <username> command) > for which uid/gid is overridden _only_ after i manually run getent > group <default_user_gid>. For the users which do not have uid and gid > overriden it works correctly. > > I do not know if explanation is clear, but if you need more > information, please let me know.
Hi, did you use the IPA 'unix_users' group as primary group for those users and given the GID of 'unix_users' in the id-overrides for the users? Or did you you a different group as primary group? bye, Sumit > > > bye, > > Sumit > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
