On ke, 04 loka 2017, Supratik Goswami via FreeIPA-users wrote:
Hello All,
Is there a way to map IPA group to a local Linux system group?
For example I have a Linux group wheel and I want the IPA group ipawheel to
be mapped
such that when I add a user in the ipawheel group in the local system the
user becomes a
member of the wheel group in the Linux machine (IPA client) .
You don't say what
Linux distribution you are using.
With glibc 2.24 there is a feature that group membership is considered
across all group sources in nsswitch. It is working in Fedora since F24
and in RHEL/CentOS since 7.4:
https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
You simply add IPA user to a local Linux group in /etc/group and that's
all. On next login this user will gain that group membership.
--
/ Alexander Bokovoy