On Sun, Feb 27, 2022, 07:34 Alexander Bokovoy <[email protected]> wrote:
> On su, 27 helmi 2022, Cyrus via FreeIPA-users wrote: > >Hello!, > > > >I'm in a interop puzzle dilemma, hope you can help me out. > > > >Currently all our user accounts are hosted in an Active Directory > >environment we don't own (another team handles that for us), acme.tld for > >this discussion. > > > >We're in the need to implement: > >- FreeIPA to handle our linux machine accounts and process/app users with > >ipa.domain.tld > >- FreeIPA (same as above or different cluster?) to handle external > provider > >accounts with ext.domain.tld > >- Own AD Controllers to handle our Windows machines with ad.domain.tld > > > >The aim is: > >1. Allow acme.tld users to access ipa.domain.tld machines. > >2. Allow acme.tld users to access ad.domain.tld machines > >3. Allow ext.domain.tld users to access ipa.domain.tld machines > >4. Allow ext.domain.tld users to access ad.domain.tld machines > > > >1 seems to be solved trusting acme.tld on FreeIPA side > >2 seems to be solved trusting acme.tld on AD side > >Not sure how to solve 3 and 4, can you provide any recommendation?. > > Neither is supported. That is, there is no support for login into AD > machines and there is currently no support for IPA-IPA trust. > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > Thanks for the feedback. Adding Samba4 to mix to host ext.domain.tld could solve 3 and 4?. It should solve 4 with AD+Samba4 trust. But I'm not sure about 3. Regards, CI.- >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
