Just wanted to pass along an issue I just had.

We have some legacy local users on some boxes, and we need to have a mix of
those local users and IPA users in the same groups.

In order for that to happen (at least on AIX) I need to create a group in
IPA with the GID of the local group.  This can be a problem because the GID
may be used by different groups on different boxes (we inherited this mess.)

To organize this, I would create groups like this in IPA:


This worked, until I added a fourth group with the same GID.  AIX stopped
allowing members of 208 to connect to any hosts.

I was forced to move them all into a single group and abandon my attempts
at organization.

This was hard to find, but obvious in retrospect.

The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
Freeipa-users mailing list

Reply via email to