On Fri, 2019-05-17 at 14:19 +0000, SOLER SANGUESA Miguel via FreeIPA-
I don't think it is a good idea to create a IPA posix group with the
same GID. I think the best option is adding the IPA user to the local
group as you tried to do. The only problem is that you used the short
username, and you need to use username@domain. Something like this:
# groupmems -g admins -a ricky(a)ipa.domain.com
You need to use the same name that is being use by the system.
If a fully qualified name is being used then yes the fqdn needs
to be in the group file, if shortnames are configured then the
short name needs to be used.
Sr. Principal Software Engineer
Red Hat, Inc