On Tue, Jul 09, 2019 at 05:41:05PM +0000, Andrew Meyer via FreeIPA-users wrote:
I want to map my freeipa users to local users on a particular
server. I have read a few sites that say to do sss_override. However I am running into a
problem:
Hi,
do you mean 'to a local user' or 'to a local group'?
[andrew.meyer@server01 ~]$ sudo sss_override user-add andrew.meyer -n
ameyer
Other than LOCAL view already exists in domain freeipa.local.
With overrides you can e.g change the user name but you should make sure
that there is no collision with e.g. a local user name, because this
might give you unexpected results. Additional with FreeIPA you cannot
use the local 'sss_override' command but use have to define with
idoverride on the ipa server with 'ipa idoverrideuser-add ...'. If the
override should be valid for only a single IPA client you have to
created a dedicated idview first and apply the idview to the IPA client.
Please note that you cannot change the idview of IPA servers only of IPA
clients.
But I remember seeing this somewhere as well:group: files
[SUCCESS=merge] sss
Will doing the merge satisfy what I want?
If you want to add an IPA user to a local group is should be sufficient
to just add the IPA user name to the group in /etc/group.
HTH
bye,
Sumit
Thanks,Andrew
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...