--
Francis Augusto Medeiros-Logeay
Oslo, Norway
On 2022-04-08 10:15, Sam Morris via FreeIPA-users wrote:
I would like to use FreeIPA to manage Linux VDI machines, but VMware is
Active Directory-centric, and its Horizon Connection Server creates
machine objects on AD that the VMs join to when created - and these
objects are deleted automatically when the corresponding VM ceases to
exist.
I wonder if it would be possible to simply join the machine to FreeIPA but
to an object that exists on AD, so that AD could delete it when the VM
ceases to exist.
Perhaps you want what Red Hat calls 'direct integration' of sssd (on
your VM) to AD?
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/index
In which case you don't use FreeIPA at all.
(Out of interest, how does VMware send credentials into the VM so it
can join the domain?)
Thanks, Sam. I will take a look into that.
As to your question, VMware has some strategies for domain joining, most
of them described here:
https://docs.vmware.com/en/VMware-Horizon-7/7.13/linux-desktops-setup/GUID-D8E3A4AA-83E9-46A4-8BBA-824027146E93.html
In fact, I've realized that domain joining from the Linux side is not
really important, as long as Kerberos works and is configured right.
For example, one can use LDAP for authentication, without binding the
machine, and it works seamlessly even when the machine is not domain
joined.
Or you can simply have a script with a credential, and get the script to
be run when the instant clones are created on the fly (called
RunOnceScript in the vmware-view.conf configuration file).
Domain joining might be necessary anyway for mounting things, for
example.
Best,
Francis