Hi, could you please explain the difference of FreeIPA UID vs. Linux UID? When I create a user in FreeIPA the UID is this: 1227200001 But in any Linux the first user created has UID: 1000
Should I align UIDs in FreeIPA to the Linux UID? If yes, does the same apply to GID?
Or should I keep the UID / GID created by FreeIPA? If yes, how does this work when a client is registered with FreeIPA?
THX
Hi,
On Fri, 28 Dec 2018, 74cmonty via FreeIPA-users wrote:
could you please explain the difference of FreeIPA UID vs. Linux UID? When I create a user in FreeIPA the UID is this: 1227200001 But in any Linux the first user created has UID: 1000
Should I align UIDs in FreeIPA to the Linux UID? If yes, does the same apply to GID?
Or should I keep the UID / GID created by FreeIPA? If yes, how does this work when a client is registered with FreeIPA?
a FreeIPA system has it's own (configurable) ID range. These IDs are known IPA-wide (on every IPA client or server machine) and are intentionally different from local Linux user IDs that are only known on the machine you created the corresponding user on. You can use a mix of both local and IPA users on a particular IPA machine.
The magic (IPA users known on all IPA client or server machines) is achieved with the System Security Services Daemon (sssd) that is required to run on every IPAfied machine.
To answer your questions: No, you most likely don't want to align FreeIPA and local UIDs/GIDs (probably not even possible). If you want a user to be local, create the user on the particular machine ("useradd"), otherwise create the user in IPA via the Web UI or via the corresponding IPA CLI tools ("ipa user-add"; you'll need to get a Kerberos ticket with "kinit" before you can use the CLI tools).
You may want to read https://www.freeipa.org/page/Documentation for further information.
Mit freundlichen Gruessen/With best regards,
--Daniel.
OK. I have a follow-up question. This is related to system group id.
On Debian, users belonging to group sudo get root permission. On Arch Linux, users belonging to group wheel get root permission.
Should I maintain the same groups sudo and wheel in FreeIPA with the relevant GUI?
THX
Hi,
On Fri, 28 Dec 2018, 74cmonty via FreeIPA-users wrote:
OK. I have a follow-up question. This is related to system group id.
On Debian, users belonging to group sudo get root permission. On Arch Linux, users belonging to group wheel get root permission.
Should I maintain the same groups sudo and wheel in FreeIPA with the relevant GUI?
I believe, that FreeIPA has a similar mechanism, though i don't use it myself. Please cf. [1] for details.
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Mit freundlichen Gruessen/With best regards,
--Daniel.
freeipa-users@lists.fedorahosted.org