While that is definitely *a* convention, it's not the one we've used which
puts users by default in shared groups (nwra, visitors, etc).  For example:

uid=2941(user) gid=1991(nwra)

We may be fine changing conventions, but I'm researching whether or not we
have to.


On 08/24/2016 11:19 AM, Justin Stephenson wrote:
> Could you please explain further what you are trying to accomplish with an AD
> trust default group? I believe we are following the standard linux convention
> of creating a user private group using the ID number which matches the uid
> number for AD trust users.
> Kind regards,
> Justin Stephenson
> On 08/23/2016 06:27 PM, Orion Poplawski wrote:
>> Is there any way to control the default gid for AD trust users?  At the 
>> moment
>> each user has it's own default group, e.g.:
>> uid=22603(user@ad.domain) gid=22603(user@ad.domain)
>> It would be nice to be able to set this to an actual group.
>> Thanks.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to