Aleksandr Sabirov via FreeIPA-users wrote: > Alexander Bokovoy wrote: >> On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote: >>> Alexander Bokovoy wrote: >>> On Аўт, 03 сне 2024, Aleksandr Sabirov via FreeIPA-users wrote: >>> Alexander Bokovoy wrote: >>> On Пят, 29 ліс 2024, Aleksandr Sabirov via FreeIPA-users wrote: >>> I need a Linux client (using SSSD), joined to an AD domain, to be able to >>> authenticate to IPA users through trust relationships. This is not >>> possible, am I correct? >>> So the scheme is: >>> Linux AD client -> AD <-> IPA >>> If that Linux client is enrolled into AD domain, it will be talking to >>> AD DC, as I said, and then will be talking to IPA DC. This is only for >>> authentication; identities will have to be fetched from AD DCs and they >>> will not have that information because they couldn't retrieve it from >>> IPA DCs. >>> Sorry for spamming, but I would like to know. This is important information >>> for me. >>> I answered your questions already. Sorry, I don't have time right now to >>> respond more on this beyond what is already said. >>> How then does a Windows 10 client located in MS AD successfully obtain >>> FreeIPA trusted domain information and successfully launch a user's IPA >>> session? >>> https://www.freeipa.org/page/Windows_authentication_against_FreeIPA#id1: >> .... >> Note also that the described configuration is not supported by FreeIPA >> development team and also is not supported by Red Hat Enterprise Linux >> Identity Management product. A work on making possible to login to >> Windows machines already enrolled into a trusted Active Directory >> forest is ongoing and is not available yet in any released FreeIPA >> version. >> .... >> This is not a supported setup and we have no time to look into it at the >> moment. > So Windows AD client also can't log in under IdM accounts via trust > relationships? > Sorry for my redundancy. > > I mean > IdM <-> AD <- Windows 10 >
Have you read the documentation? https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/installing_trust_between_idm_and_ad/index rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
