Hi, We are evaluating RHEL7 IdM (FreeIPA 3.3) for identity management for our UNIX infrastructure. All of our Linux hosts currently have standard and consistent UID/GIDs for at least all of our administrative users. I'm looking for advice on how to migrate these users into IPA.
Since we already have consistent UID/GID numbering for our local users, would it be advisable to use these same UID/GIDs for the IPA users? The local users and groups with the same UID/GIDs would still exist on the host during the IPA transition. I assume that if we decided to do this, we would need to modify /etc/nsswitch.conf on each host so "sss" is queried before "files" for passwd/shadow/group. Eventually we plan to configure a kerberos trust with our AD domain where we could configure these UID/GIDs via AD's POSIX UID/GID settings. How have others handled local to IPA migrations? Any advice or input would be greatly appreciated. Thanks, Josh -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project