How to create a user without its private group in an IPA/IdM environment on Red Hat Enterprise Linux?
Environment
- Red Hat Enterprise Linux (All Versions)
- IPA
Issue
- How to create a user in an IPA/IdM domain if a group with the same name already exists?
- The following error is returned while creating a user in IPA:
  IPA error 4024: Unable to create private group. A group 'userx' already exists.
Resolution
- By default, a user cannot be created in an IPA environment if a group with the same name already exists.
- A new user can be created in the IPA domain without creating its private group (i.e. with private group creation disabled). Private group creation can be disabled when a user is created by using the --noprivate option.
- Although there is an option to create a user without a private group, the Linux system still expects a GID for the new user. It is necessary either to set an explicit user GID with the --gid option or to create a group with a GID and add the user to that group.
- To create a user without its private group, run the following command:
  # ipa user-add userx --first=user --last=x --noprivate --gid 10000
- After the user is created, it can be added to groups as required.
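The check-then-create procedure from the resolution above, as an added shell example that is not part of the original article. The function names and the choice of taking the primary GID from an existing group (PRIMARY_GROUP) are assumptions; it needs the ipa CLI and an admin Kerberos ticket.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the ipa CLI is
# installed and an admin Kerberos ticket is held (kinit admin).

# Print the numeric GID of an IPA group. Fails when the group does not exist
# or its entry has no "GID:" line (for example, a non-POSIX group).
ipa_group_gid() {
    ipa group-show "$1" 2>/dev/null |
        awk -F': *' '/^[ \t]*GID:/ { print $2; ok = 1 } END { exit !ok }'
}

# create_ipa_user LOGIN FIRST LAST PRIMARY_GROUP   (hypothetical helper)
# Creates LOGIN normally when no group of that name exists. On a name
# collision (IPA error 4024) it skips the private group and uses the GID of
# PRIMARY_GROUP, an existing POSIX group chosen by the administrator.
create_ipa_user() {
    login=$1; first=$2; last=$3; primary=$4

    if ! ipa group-show "$login" >/dev/null 2>&1; then
        # No group with this name: let IPA create the private group.
        ipa user-add "$login" --first="$first" --last="$last"
        return
    fi

    # Resolve the GID before calling user-add so that a missing group or a
    # group without a GID fails here with a clear message.
    gid=$(ipa_group_gid "$primary") || {
        echo "group '$primary' is missing or has no GID" >&2
        return 2
    }
    ipa user-add "$login" --first="$first" --last="$last" --noprivate --gid "$gid"
}

# Run only when called with four arguments, e.g.:
#   ./create_ipa_user.sh userx user x userx
if [ "$#" -eq 4 ]; then
    create_ipa_user "$@"
fi
```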
Root Cause
- When a new user is created in the IdM domain, a corresponding private group is created with it, following the Red Hat Enterprise Linux convention. Because a group named "userx" already exists in the IPA domain, IPA cannot create the private group for user "userx" and returns an error when a user with the same name as the group is created.
Diagnostic Steps
[1] Add a group in IPA:
[root@ipaserver ~]# ipa group-add userx --desc=userx
-------------------
Added group "userx"
-------------------
Group name: userx
Description: userx
GID: 1000000013
[2] Try to add a user with the same name as the group above:
[root@ipaserver ~]# ipa user-add userx --first=user --last=x
ipa: ERROR: Unable to create private group. A group 'userx' already exists.
[3] Add the user without a private group by explicitly specifying a GID:
# ipa user-add userx --first=user --last=x --noprivate --gid 1000000014
