[Freeipa-users] Re: IDView problem

2023-05-16 Thread Ronald Wimmer via FreeIPA-users

On 15.05.23 10:34, Florence Blanc-Renaud wrote:
> Hi,
>
> On Fri, May 12, 2023 at 5:47 PM Ronald Wimmer wrote:
>
> > On 12.05.23 11:35, Florence Blanc-Renaud via FreeIPA-users wrote:
> > > Hi,
> > >
> > > can you provide more details? Did you use the "Default Trust View"
> > > idview or did you create another one? Which attributes did you override
> > > for your AD user?
> >
> > Of course I can.  I should have provided more info in the first place...
> >
> > I created my own ID view called "zsh" which overrides the login shell
> > for certain users on certain hosts (currently 2 hosts, one running
> > CentOS 7.9 and the other one running OL 9.1)
>
> Are those hosts IPA servers or IPA clients?

No. Both are IPA clients.


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


[Freeipa-users] Re: IDView problem

2023-05-15 Thread Florence Blanc-Renaud via FreeIPA-users
Hi,

On Fri, May 12, 2023 at 5:47 PM Ronald Wimmer wrote:

> On 12.05.23 11:35, Florence Blanc-Renaud via FreeIPA-users wrote:
> > Hi,
> >
> > can you provide more details? Did you use the "Default Trust View"
> > idview or did you create another one? Which attributes did you override
> > for your AD user?
>
> Of course I can.  I should have provided more info in the first place...
>
> I created my own ID view called "zsh" which overrides the login shell
> for certain users on certain hosts (currently 2 hosts, one running
> CentOS 7.9 and the other one running OL 9.1)
>

Are those hosts IPA servers or IPA clients? I'm asking because it's not
supported to apply an ID view on IPA servers, except for the "Default Trust
View" (see
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/id-views
and
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/using-an-id-view-to-override-a-user-attribute-value-on-an-idm-client_managing-users-groups-hosts#id-views_using-an-id-view-to-override-a-user-attribute-value-on-an-IdM-client
).

flo


[Freeipa-users] Re: IDView problem

2023-05-12 Thread Ronald Wimmer via FreeIPA-users

On 12.05.23 11:35, Florence Blanc-Renaud via FreeIPA-users wrote:
> Hi,
>
> can you provide more details? Did you use the "Default Trust View"
> idview or did you create another one? Which attributes did you override
> for your AD user?

Of course I can.  I should have provided more info in the first place...

I created my own ID view called "zsh" which overrides the login shell
for certain users on certain hosts (currently 2 hosts, one running
CentOS 7.9 and the other one running OL 9.1)



[Freeipa-users] Re: IDView problem

2023-05-12 Thread Florence Blanc-Renaud via FreeIPA-users
Hi,

can you provide more details? Did you use the "Default Trust View" idview
or did you create another one? Which attributes did you override for your
AD user?

flo

On Thu, May 11, 2023 at 11:02 AM Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> I tried to apply an ID-View to a single AD-User. The first thing I
> noticed was that the short user name did not work anymore upon SSH login. I
> had to specify the user name with its FQDN.
>
> The second problem I noticed is that under RHEL 9 that particular user
> somehow "lost" all its groups. The only group the id command revealed
> was the one with the user's UID. So group-based sudo permissions stopped
> working...
>
> Cheers,
> Ronald