OK, I do not know a lot about AIX, but I would suggest you look into FreeIPA's Schema Compatibility plugin.
If that is enabled and you answer yes to:
"Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis?"
When running:
ipa-adtrust-install
on ipa servers
Then AD users can be found with an ldap search from "cn=users,cn=compat,dc=your,dc=domain,dc=com".
However the LDAP schema will be RFC 2307 instead of RFC 2307bis.

Jim Kinney via FreeIPA-users (<[email protected]>) wrote on Mon, 14 February 2022 at 15:11:

> "Trusted AD Domain". That's a dubious line at best :-)
>
> I've not seen AIX use AD for user auth but I know AD will work for Linux
> systems.
>
> HOWEVER - The AD admins must add the Linux domain as trusted so it can
> exchange the encrypted data stream. Alternatively, there's a way to do this
> without the Linux system having trust in the AD realm. Something to do with
> not using TLS.
> The RHEL docs on user auth are pretty good for this.
>
> You could try to set up a FreeIPA instance that is in the AD realm and
> provides auth for AIX. Not sure if AIX has a sssd-ipa package or not. SLES
> has sssd-ipa but doesn't have freeipa server so server runs on RHEL.
>
> On Mon, Feb 14, 2022, 1:54 AM Ronald Wimmer via FreeIPA-users <
> [email protected]> wrote:
>
>> I was wondering if one can configure AIX in a way that trusted AD domain
>> users can be used to log in under AIX. We followed
>> https://www.freeipa.org/page/ConfiguringUnixClients but this guide seems
>> to be LDAP-only and AD users do not have a representation in FreeIPA's
>> LDAP directory.
>>
>> Could someone please clarify if AD users could work or not?
>>
>> Cheers,
>> Ronald
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
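
Added example, not part of the original messages or of FreeIPA's own code: a small check for the RFC 2307 versus RFC 2307bis point made in the top reply, run over LDIF as returned by an ldap search of the compat tree. The user and group names, ID numbers and the helper function names are assumptions made up for illustration.

```python
# Added example. SAMPLE_LDIF is constructed for illustration, not real server output.
SAMPLE_LDIF = """\
dn: uid=jdoe@ad.example.com,cn=users,cn=compat,dc=your,dc=domain,dc=com
objectClass: posixAccount
uid: jdoe@ad.example.com
cn: John Doe
uidNumber: 1234500001
gidNumber: 1234500001
homeDirectory: /home/ad.example.com/jdoe

dn: cn=unixadmins@ad.example.com,cn=groups,cn=compat,dc=your,dc=domain,dc=com
objectClass: posixGroup
cn: unixadmins@ad.example.com
gidNumber: 1234500513
memberUid: jdoe@ad.example.com
"""
# Attributes RFC 2307 lists as MUST for the posixAccount object class.
POSIX_ACCOUNT_MUST = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr: [values]} dicts."""
    entries = []
    unfolded = text.replace("\n ", "")  # a leading space continues the previous line
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def group_schema(entry):
    """RFC 2307 groups carry login names in memberUid; RFC 2307bis groups carry DNs in member."""
    if "memberuid" in entry:
        return "rfc2307"
    return "rfc2307bis" if "member" in entry else "unknown"

def report(ldif_text):
    # Map each user to its missing MUST attributes and each group to its schema style.
    result = {"users": {}, "groups": {}}
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            result["users"][e["uid"][0]] = sorted(POSIX_ACCOUNT_MUST - set(e))
        elif "posixgroup" in classes:
            result["groups"][e["cn"][0]] = group_schema(e)
    return result
```

An empty list for a user means the entry has everything an RFC 2307 client needs; a group reported as "rfc2307" tells you to configure the client's group mapping for memberUid rather than member.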
