Rob Crittenden wrote:
> Aleksandr Sabirov via FreeIPA-users wrote:
> > Alexander Bokovoy wrote:
> > On Tue, 03 Dec 2024, Aleksandr Sabirov via FreeIPA-users wrote:
> > Alexander Bokovoy wrote:
> > On Tue, 03 Dec 2024, Aleksandr Sabirov via FreeIPA-users wrote:
> > Alexander Bokovoy wrote:
> > On Fri, 29 Nov 2024, Aleksandr Sabirov via FreeIPA-users wrote:
> > I need a Linux client (using SSSD), joined to an AD domain, to be able to 
> > authenticate to IPA users through trust relationships. This is not 
> > possible, am I correct?
> > So the scheme is:
> > Linux AD client -> AD <-> IPA
> > If that Linux client is enrolled into AD domain, it will be talking to
> > AD DC, as I said, and then will be talking to IPA DC. This is only for
> > authentication; identities will have to be fetched from AD DCs and they
> > will not have that information because they couldn't retrieve it from
> > IPA DCs.
> > Sorry for spamming, but I would like to know. This is important information 
> > for me.
> > I answered your questions already. Sorry, I don't have time right now to
> > respond more on this beyond what is already said.
> > How then does a Windows 10 client located in MS AD successfully obtain 
> > FreeIPA trusted domain information and successfully launch a user's IPA 
> > session?
> > https://www.freeipa.org/page/Windows_authentication_against_FreeIPA#id1:
> > ....
> >   Note also that the described configuration is not supported by FreeIPA
> >   development team and also is not supported by Red Hat Enterprise Linux
> >   Identity Management product. A work on making possible to login to
> >   Windows machines already enrolled into a trusted Active Directory
> >   forest is ongoing and is not available yet in any released FreeIPA
> >   version.
> > ....
> > This is not a supported setup and we have no time to look into it at the
> > moment.
> > So Windows AD client also can't log in under IdM accounts via trust 
> > relationships?
> > Sorry for my redundancy.
> > I mean 
> > IdM <-> AD <- Windows 10
> > Have you read the documentation?
> https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-sin...
> rob
Yes, I have read it. But everything there is described in "abstract terms." I 
want to know the specific names of the mechanisms that make it work that way.

What do Windows AD clients have that Linux clients don't, since Windows can 
obtain users through trust relationships, but Linux cannot?