Steve, 
We have the same problem with the web interface. From what I can tell, you must 
either sync accounts, delegate account passwords with RADIUS (which works for 
the web interface but not Kerberos) and/or use service accounts. 

Our systems use kickstart and auto-join ipa on deployment with a service 
account, which may work for your needs. There's also an ansible module you 
could use with an ansible-vaulted ipa-join service account. 

Thanks, 
-Jake 


From: "freeipa-users" <freeipa-users@lists.fedorahosted.org> 
To: "freeipa-users" <freeipa-users@lists.fedorahosted.org> 
Cc: "Steve Weeks" <nbxst...@gmail.com> 
Sent: Friday, July 28, 2017 12:46:02 PM 
Subject: [Freeipa-users]ipa-client-install using AD/ad_admin credentials 

We want to let AD admins install new Linux FreeIPA clients using their AD 
credentials. It looks like it fails using kinit in the script. If you run kinit 
'AD\ad_admin' you get the same error. 
Is it feasible to do what we want? Does it make sense? We already have a system 
for managing the sysadmins in AD and don't really want to set up double accounts 
for them. (We have lots of sysadmins). 

Thanks, 
Steve 


_______________________________________________ 
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
