> I wouldn't recommend duplicating your users, pick one and use that. If you > want to be able to manage your users, groups, HBAC, sudo, etc. > centrally then you'll want the users in IPA. But if you leave them locally you > may end up with corner case problems. > > If you *do* end up adding your local users to IPA then yeah, you've got a > decision to make. Either your use the existing UID/GID which is probably fine > (though you may want to look adding a local range) or you let IPA assign a > new UID from its own range, then you have to quickly change file ownership > on all enrolled systems. >
Well, the users are definitely going to be in IPA (or AD via IPA). However, they *will* exist in both IPA and locally during the migration period. If they have the same UID/GIDs in both places (local and IPA), then I will need to prefer IPA to 'files' in nsswitch.conf. The main reason I want to duplicate the local UID/GID's in IPA is to retain file permissions. Josh -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
