Alexander Bokovoy wrote: > On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote: > > Alexander Bokovoy wrote: > > On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote: > > Alexander Bokovoy wrote: > > On Пят, 29 ліс 2024, Aleksandr Sabirov via FreeIPA-users wrote: > > I need a Linux client (using SSSD), joined to an AD domain, to be able to > > authenticate to IPA users through trust relationships. This is not > > possible, am I correct? > > So the scheme is: > > Linux AD client -> AD <-> IPA > > If that Linux client is enrolled into AD domain, it will be talking to > > AD DC, as I said, and then will be talking to IPA DC. This is only for > > authentication; identities will have to be fetched from AD DCs and they > > will not have that information because they couldn't retrieve it from > > IPA DCs. > > Sorry for spamming, but I would like to know. This is important information > > for me. > > I answered your questions already. Sorry, I don't have time right now to > > respond more on this beyond what is already said. > > How then does a Windows 10 client located in MS AD successfully obtain > > FreeIPA trusted domain information and successfully launch a user's IPA > > session? > > https://www.freeipa.org/page/Windows_authentication_against_FreeIPA#id1: > .... > Note also that the described configuration is not supported by FreeIPA > development team and also is not supported by Red Hat Enterprise Linux > Identity Management product. A work on making possible to login to > Windows machines already enrolled into a trusted Active Directory > forest is ongoing and is not available yet in any released FreeIPA > version. > .... > This is not a supported setup and we have no time to look into it at the > moment. So Windows AD client also can't log in under IdM accounts via trust relationships? Sorry for my redundancy.
I mean IdM <-> AD <- Windows 10 -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
