Hi, folks, We've got a small shop with around a hundred RHEL boxes and a small user base currently authenticating against LDAP using one user naming scheme. Our plan is to migrate these to freeipa (actually Red Hat IdM) with a one-way trust with AD using a different naming scheme. I'm trying to juggle in my head exactly how to sequence the needed activities to do this.
What I'd like to do is this, which I believe will require a moratorium on user logons: 1) Provision IdM manually with new usernames and old UIDs. 2) Rename and chown home directories on the servers. 3) Join the servers to freeipa (IdM). 4) Establish a one-way trust with AD. This seems like the logical course of events, but the gap between 3 and 4 worries me. Thanks, John A -- John Adams Senior Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue