Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-02 Thread Jakub Hrozek
On Wed, Feb 01, 2017 at 04:19:39PM -0600, Jason B. Nance wrote: > >> - Users can't login to a Linux box using just "username" > >> (user@ad.domain is > >> used) > > > > In the current version you can use the 'default_domain_suffix' option in > > sssd.conf on the clients. In RHEL-7.4 we

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-02 Thread Alexander Bokovoy
On ke, 01 helmi 2017, Jason B. Nance wrote: - User/group management in general becomes largely a command-line operation > (such as mapping groups so they can be used in HBAC and sudo rules) While this is a nice-to-have, it isn't a deal breaker. This definitely exists in WebUI? Unless you

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Lachlan Musicman
On 2 February 2017 at 10:06, Jason B. Nance wrote: > > >- User/group management in general becomes largely a command-line >> operation (such as mapping groups so they can be used in HBAC and sudo >> rules) >> >> While this is a nice-to-have, it isn't a deal breaker. >> >

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Martin Basti
On 02.02.2017 00:05, Lachlan Musicman wrote: On 2 February 2017 at 09:51, Martin Basti > wrote: On 01.02.2017 23:44, Lachlan Musicman wrote: (aside: does FreeIPA have plans to move toward PatternFly? http://www.patternfly.org/ )

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Jason B. Nance
>>> - User/group management in general becomes largely a command-line operation >> > (such as mapping groups so they can be used in HBAC and sudo rules) >> While this is a nice-to-have, it isn't a deal breaker. > This definitely exists in WebUI? Unless you mean something I don't understand. >

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Lachlan Musicman
On 2 February 2017 at 09:51, Martin Basti wrote: > > On 01.02.2017 23:44, Lachlan Musicman wrote: > > > > (aside: does FreeIPA have plans to move toward PatternFly? > http://www.patternfly.org/ ) > > > Unless I missed something, FreeIPA 4.x already uses patternfly > >

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Martin Basti
On 01.02.2017 23:44, Lachlan Musicman wrote: On 2 February 2017 at 09:19, Jason B. Nance > wrote: >- User/group management in general becomes largely a command-line operation (such as mapping groups so they can be used in HBAC and

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Lachlan Musicman
On 2 February 2017 at 09:19, Jason B. Nance wrote: > >- User/group management in general becomes largely a command-line > operation (such as mapping groups so they can be used in HBAC and sudo > rules) > > While this is a nice-to-have, it isn't a deal breaker. > This

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Jason B. Nance
>> - Users can't login to a Linux box using just "username" (user@ad.domain >> is >> used) > > In the current version you can use the 'default_domain_suffix' option in > sssd.conf on the clients. In RHEL-7.4 we are looking into making this > limitation go away. Thank you very much,

Re: [Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Jakub Hrozek
On Wed, Feb 01, 2017 at 03:00:55PM -0600, Jason B. Nance wrote: > Hello everyone, > > I'm about to deploy a fresh IPA domain that needs to integrate with Active > Directory. In my lab environment I've setup a trust with AD and the > following items are driving me away from using the trust: >

[Freeipa-users] Is WinSync A Bad Choice?

2017-02-01 Thread Jason B. Nance
Hello everyone, I'm about to deploy a fresh IPA domain that needs to integrate with Active Directory. In my lab environment I've setup a trust with AD and the following items are driving me away from using the trust: - Users can't login to a Linux box using just "username" (user@ad.domain