Hi, have some questions regarding implementing FreeIPA. To start, I am new to FreeIPA, read up on its features and started using it in a test setup. The goal is to have SSH key authentication of Active Directory users on Linux clients.

* Created an IPA domain (linux.test.local) with one server and set a one-way trust with win.test.local
* Created the external and internal groups and mapped them.
* Added AD user overrides in the default trust view and set their SSH keys.

So far so good, all OK.

The questions:

- Is there a way/method to have overrides created automatically for users newly added to the group at the AD side? This is so that the new user can add the SSH key via self-service. Would it be possible via API?
- Adding/changing ID overrides do not apply directly. I need to issue a `sssctl cache-expire -u` on all clients and the IPA server. Is there a way this can be enforced/worked around? Any ideas?
- Tested replication, but could not get this replica server to resolve AD users. Read that I need to install the agent role on this replica server. Not sure how to do this, I install the replica with `ipa-replica-install --setup-dns --forwarder <ip> --setup-ca`. Adding --add-agents doesn't seem to work. What is the order to set up for a fully functioning replica server?

Deployment would be a main and a secondary IPA server for redundancy.

Testing is done with version 4.10.2

KR,
slekkus.

--
FreeIPA-users mailing list
