I'm attempting to use ID Views as a shim, to allow me to have an existing
host work with FreeIPA without having to re-chown many, many files.

Here's my basic strategy, and where things seem to be failing:

For any truly local groups (e.g. for specific local services), I continue
to manage those in /etc/groups.

For any users, they should be managed in FreeIPA, especially the password
and SSH Pubkeys. But, they should continue to appear with their old UIDs
and GIDs on the server. This means the user doesn't exist in /etc/passwd or
/etc/shadow anymore (or the local password would be used, as I understand

An ID View is created, applied to this host, and has a user override added
to override the UID and GID of the user.

But, when I do this, I continue to see the usual UID and GID in the output
of `id $USER`, etc., even after running `sss_cache -E` and `systemctl
restart sssd`.

Is there some extra logging I can turn on to see why this ID View isn't
being applied like I would expect? Or perhaps some extra bit of
configuration I missed?

I'm running a pair of CentOS 7 boxes, one acting as the FreeIPA server, and
the other is the "legacy" box I want to shim FreeIPA into...


Mike Kelly
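
The setup described in this message and a check of its result, as an added example that is not part of the original post. The view name, host name, user name and ID values are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. View name, host name, user name and IDs are constructed
# placeholders; substitute the values for your own realm.

# On an IPA-enrolled machine with an admin Kerberos ticket (kinit admin):
# create the view, add the user override, apply the view to the legacy host.
setup_idview() {   # usage: setup_idview VIEW HOST USER UID GID
    ipa idview-add "$1" &&
    ipa idoverrideuser-add "$1" "$3" --uid="$4" --gidnumber="$5" &&
    ipa idview-apply "$1" --hosts="$2"
}

# Pure helper: classify one passwd(5) line against the expected override.
override_status() {   # usage: override_status PASSWD_LINE UID GID
    line_uid=$(printf '%s\n' "$1" | cut -d: -f3)
    line_gid=$(printf '%s\n' "$1" | cut -d: -f4)
    if [ -z "$line_uid" ]; then
        echo "no-entry"
    elif [ "$line_uid" = "$2" ] && [ "$line_gid" = "$3" ]; then
        echo "applied"
    else
        echo "not-applied uid=$line_uid gid=$line_gid"
    fi
}

# On the legacy host: first confirm no local passwd entry shadows the
# IPA user, then compare what the sss NSS source returns with the override.
check_user() {   # usage: check_user USER UID GID
    if getent -s files passwd "$1" >/dev/null; then
        echo "local-entry-present"
        return
    fi
    override_status "$(getent -s sss passwd "$1")" "$2" "$3"
}

# Example calls (constructed values):
#   setup_idview legacy-view legacy.example.test alice 1001 1001
#   check_user alice 1001 1001
```
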