Hello, Suppose we have: Machine - with the full name ws16.ad16.loc - MS AD. Windows Server 2016 Machine - with the full name ipasrv-1.ipadomain.loc - IdM AD version 4.8.10. Linux Debian Machine - with the full name adclient-1.ad16.loc - AD Client. Linux Debian Bidirectional trust relationships between IPA and AD are configured. The third machine is joined to the AD domain using sssd 2.4.0.
Can I somehow authenticate on the AD client (third machine) using IdM users via the bidirectional trust relationships? That is, I don't mean the case where we make the AD client partially integrated into IdM by adding settings in sssd.conf for the second domain ([domain/ipadomain.loc]) and updating krb5.keytab. I mean, how can I make it so that the request goes specifically through AD (i.e., via the trust relationships) and not directly to IdM? And is this possible? Thanks. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
