On Чцв, 28 ліс 2024, Aleksandr Sabirov via FreeIPA-users wrote:
Hello,
Suppose we have:
Machine - with the full name ws16.ad16.loc - MS AD. Windows Server 2016
Machine - with the full name ipasrv-1.ipadomain.loc - IdM AD version 4.8.10.
Linux Debian
Machine - with the full name adclient-1.ad16.loc - AD Client. Linux Debian
Bidirectional trust relationships between IPA and AD are configured.
The third machine is joined to the AD domain using sssd 2.4.0.
Can I somehow authenticate on the AD client (third machine) using IdM
users via the bidirectional trust relationships?
No, it is not implemented at this point.
That is, I don't mean the case where we make the AD client partially
integrated into IdM by adding settings in sssd.conf for the second
domain ([domain/ipadomain.loc]) and updating krb5.keytab. I mean, how
can I make it so that the request goes specifically through
AD (i.e., via the trust relationships) and not directly to IdM? And is
this possible?
You cannot.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
