Hi Daniel, Replicating only some of the users seems like a not-great idea. That way your replica is not truly a replica anymore, and you lose a lot of the benefits a replica brings. Isn't it much easier to replicate all users, and use HBAC rules to allow/disallow login based on user- and host groups? As for NFS, maybe automount can help you there? I haven't really played with it myself though.
Peter ________________________________________ From: Daniel Ruiz via FreeIPA-users <[email protected]> Sent: Monday, 30 June 2025 08:37 To: [email protected] Cc: Daniel Ruiz Subject: [Freeipa-users] Select a group of users to being replicated Hello, In my scenario, I have a FreeIPA server "A" that serves users (500) for a laboratory called "Lab-A" (with 15 computers) and, also, I have a FreeIPA server "B" that servers users for a HPC Cluster called "HPC" (with 10 computes nodes). I have configured server "A" as server and all "Lab-A" get all 500 users. In the other side, I have configured server "B" as "replica server" of server "A" to get all users and, then, all HPC Cluster computes nodes can log in with all 500 users... But, I have a question: would it be possible to replicate only some users (a group of them, "x")? In my scenario, server A serves $HOMEs to Lab-A via NFS and server "B" servers %HOMEs to HPC-Cluster using NFS too, but some users of HPC-Cluster uses as their $HOME the $HOME that is served from A, not from HPC (because of some reasons...) and, also, some users from A not need to log in in HPC Cluster, so by default, because of FreeIPA replica server has all 500 users, each of them can do a "login" in HPC server and, maybe, the user hasn't mounted his NFS $HOME and, then, log in with no $HOME... Could I disable that login? Thanks. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
