On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote:
Alexander Bokovoy wrote:
On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote:
> Alexander Bokovoy wrote:
> On Пят, 29 ліс 2024, Aleksandr Sabirov via FreeIPA-users wrote:
> I need a Linux client (using SSSD), joined to an AD domain, to be able to
authenticate to IPA users through trust relationships. This is not possible, am I
correct?
> So the scheme is:
> Linux AD client -> AD <-> IPA
> If that Linux client is enrolled into AD domain, it will be talking to
> AD DC, as I said, and then will be talking to IPA DC. This is only for
> authentication; identities will have to be fetched from AD DCs and they
> will not have that information because they couldn't retrieve it from
> IPA DCs.
> Sorry for spamming, but I would like to know. This is important information
for me.
> I answered your questions already. Sorry, I don't have time right now to
respond more on this beyond what is already said.
How then does a Windows 10 client located in MS AD successfully obtain FreeIPA
trusted domain information and successfully launch a user's IPA session?
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA#id1:
....
Note also that the described configuration is not supported by FreeIPA
development team and also is not supported by Red Hat Enterprise Linux
Identity Management product. A work on making possible to login to
Windows machines already enrolled into a trusted Active Directory
forest is ongoing and is not available yet in any released FreeIPA
version.
....
This is not a supported setup and we have no time to look into it at the
moment.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
