On Thu, Jan 11, 2024 at 6:56 PM Rob Crittenden via FreeIPA-users < [email protected]> wrote: > > Alper AYKUT wrote: > > Hi,If I need to explain through my A server > > > > There are about 30 locally running users in my A server. These users > > have their own homelands. Example. > > > > username.surname > > /home/username.surname > > username1.surname1 > > /home/username1.surname1 > > username2.surname2 > > /home/username2.surname2 > > > > Now I have recreated and centralised the users of my server a to Free ipa. > > > > Now when users connect to my A server, they will connect with usernames > > created centrally on Free ipa, and the usernames I created in Free ipa > > are the same as the usernames they used to work locally. > > > > Now my problem is that when I create a new user in Free ipa it gives new > > uid and gid number. When my users connect to server A, how will they > > connect to their homelar, which they use locally, for example > > /home/username.surname different uid and gid number. > > > > Briefly, what is the method of connecting to my own home / > > username.surname without conflicting with the usernames that I have > > created and centralised with home / username.surname names Free ipa, > > which was created locally on my A server. Can it conflict? If it > > conflicts, before connecting server a to free ipa, should I tell my > > users to back up their home/username.surname folders, delete all local > > home folders, and that home folders will be automatically recreated when > > they enter with usernames centralised with free ipa? > > > > I hope I'm not too confusing. > > IPA isn't going try to delete or create a new home directory. You'll > want to be sure that the homedirectory value in IPA matches the format > you're currently using. It sounds like it will. > > But if the UID/GID are different between the original local users and > the IPA users then you'll need to reset the ownership to match IPA prior > to them logging in. Otherwise they won't have read permission to their > home directory and will be dropped in /. >
I had this issue this week, and that's exactly what happened. Changing ownership to the new uid/gid fixed the problem. (Fortunately, in my case, it was only a few users.) Rafael > Backing things up is probably a good idea in general before doing mass > ownership changes. > > You can test this by adding a new local user, create the homedir and > drop a few files into it, then add the same user to IPA, then try to log in. > > rob > > > > thankyou for support. > > > > Rob Crittenden <[email protected] <mailto:[email protected]>>, 11 > > Oca 2024 Per, 18:58 tarihinde şunu yazdı: > > > > Alper AYKUT via FreeIPA-users wrote: > > > Hello I have 5 servers. The users of all servers are created locally. > > > All users have Home. Now I will connect the Servers to the Free ipa > > > server to enable them to log in with the Users I have created in Free > > > IPA. However, how will the users' home folders that were created > > in the > > > past match the User created in Free ipa? Or will the users need to > > > delete their home folders to be created again. > > > > > > If I need to delete the Home folders of the users, I will need to back > > > up the data of all users. This is a huge workload. > > > > Let me restate the problem. > > > > You have 5 servers with local users on them with their own uid/gid. I > > assume its even possible that a user on server A has a different uid/gid > > than system B-E, right? > > > > Now you want to introduce IPA to manage users and the IPA users have > > different uid/gid from the local users on the various servers and you > > want to preserve their data. > > > > If that is correct then you'll need to find all files owned by the local > > uid and/or gid and chown/chgrp them to the IPA equivalent. > > > > The find command can be helpful to identify all affected files using the > > -uid or -gid option. The -exec option can be used to call chown or chgrp > > to update the ownership. > > > > I'd recommend searching from root (/) and not just /home in order to > > catch files in various tmp directories or other hidden-away locations. > > > > Depending on how many users you're talking about, particularly if there > > is a mixed bag between systems, this is going to take a while either > > way. > > > > Note that this centralization is one of the benefits that IPA brings. > > It's just painful to move to from a distributed setup. It should be a > > one-time pain though. > > > > rob > > > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
