Baird, Josh wrote: >> So if I understand this right, you're planning on two back to back user >> migrations? First is local->FreeIPA, then eventually FreeIPA->AD? Are your >> current "local" users coincidentally the same as your current AD users? > > Well - I will likely try to skip the Local -> FreeIPA and just go directly to > FreeIPA -> AD. My main question though still remains - do I force the same > local UID/GIDs to the IPA/AD users? I'm just looking for advice on local > user to IPA migration strategies.
I wouldn't recommend duplicating your users, pick one and use that. If you want to be able to manage your users, groups, HBAC, sudo, etc. centrally then you'll want the users in IPA. But if you leave them locally you may end up with corner case problems. If you *do* end up adding your local users to IPA then yeah, you've got a decision to make. Either your use the existing UID/GID which is probably fine (though you may want to look adding a local range) or you let IPA assign a new UID from its own range, then you have to quickly change file ownership on all enrolled systems. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project