22.12. 为 IdM 中的本地和远程组启用组合并

流程

1. 将 [SUCCESS=merge] 添加到 /etc/nsswitch.conf 文件中：

   # Allow initgroups to default to the setting for group.
   initgroups: sss [SUCCESS=merge] files

   Copy to Clipboard Toggle word wrap

2. 将 idmuser 添加到 IdM 中：

   # ipa user-add idmuser
   First name: idm
   Last name: user
   ---------------------
   Added user "idmuser"
   ---------------------
   User login: idmuser
   First name: idm
   Last name: user
   Full name: idm user
   Display name: idm user
   Initials: tu
   Home directory: /home/idmuser
   GECOS: idm user
   Login shell: /bin/sh
   Principal name: idmuser@IPA.TEST
   Principal alias: idmuser@IPA.TEST
   Email address: idmuser@ipa.test
   UID: 19000024
   GID: 19000024
   Password: False
   Member of groups: ipausers
   Kerberos keys available: False

   Copy to Clipboard Toggle word wrap

3. 验证本地 audio 组的 GID。

   $ getent group audio
   ---------------------
   audio:x:63

   Copy to Clipboard Toggle word wrap

4. 将组 audio 添加到 IdM 中：

   $ ipa group-add audio --gid 63
   -------------------
   Added group "audio"
   -------------------
   Group name: audio
   GID: 63

   Copy to Clipboard Toggle word wrap
   注意

   您在将 audio 组添加到 IdM 时定义的 GID 必须与本地 audio 组的 GID 相同。

5. 将 idmuser 用户添加到 IdM audio 组中：

   $ ipa group-add-member audio --users=idmuser
   Group name: audio
   GID: 63
   Member users: idmuser
   -------------------------
   Number of members added 1
   -------------------------

   Copy to Clipboard Toggle word wrap

验证

1. 以 idmuser 身份登录。

2. 验证 idmuser 在其会话中是否有本地组：

   $ id idmuser
   uid=1867800003(idmuser) gid=1867800003(idmuser) groups=1867800003(idmuser),63(audio),10(wheel)

   Copy to Clipboard Toggle word wrap