On Sun, Feb 27, 2022, 09:05 Cyrus <[email protected]> wrote:

> On Sun, Feb 27, 2022, 07:34 Alexander Bokovoy <[email protected]> wrote:
>
>> On Sun, 27 Feb 2022, Cyrus via FreeIPA-users wrote:
>> >Hello!,
>> >
>> >I'm in an interop puzzle dilemma, hope you can help me out.
>> >
>> >Currently all our user accounts are hosted in an Active Directory
>> >environment we don't own (another team handles that for us), acme.tld for
>> >this discussion.
>> >
>> >We're in the need to implement:
>> >- FreeIPA to handle our Linux machine accounts and process/app users with
>> >ipa.domain.tld
>> >- FreeIPA (same as above or different cluster?) to handle external provider
>> >accounts with ext.domain.tld
>> >- Own AD Controllers to handle our Windows machines with ad.domain.tld
>> >
>> >The aim is:
>> >1. Allow acme.tld users to access ipa.domain.tld machines.
>> >2. Allow acme.tld users to access ad.domain.tld machines
>> >3. Allow ext.domain.tld users to access ipa.domain.tld machines
>> >4. Allow ext.domain.tld users to access ad.domain.tld machines
>> >
>> >1 seems to be solved trusting acme.tld on FreeIPA side
>> >2 seems to be solved trusting acme.tld on AD side
>> >Not sure how to solve 3 and 4, can you provide any recommendation?
>>
>> Neither is supported. That is, there is no support for login into AD
>> machines and there is currently no support for IPA-IPA trust.
>>
>>
>> --
>> / Alexander Bokovoy
>> Sr. Principal Software Engineer
>> Security / Identity Management Engineering
>> Red Hat Limited, Finland
>>
>
> Thanks for the feedback. Adding Samba4 to mix to host ext.domain.tld could
> solve 3 and 4?
>
> It should solve 4 with AD+Samba4 trust. But I'm not sure about 3.
>
> Regards,
> CI.-
>

Has anybody configured successfully a trust between Samba4 and FreeIPA to allow Samba managed users to login to FreeIPA managed hosts?

Regards,
CI.-
