On 05/10/2012 12:27 PM, Brian Cook wrote: > THe problem with the cross realm trust support as I understand it is that it > requires you to populate posix attributes in AD, which many AD admins are > hesitant to do. You have to install the AD services for unix pack and create > metadata object in the directory for tracking UID and GID and then manage > users via the ADSFU snap in. I have run in to significant resistance to this > and the Linux guys usually do not have access.
You are referring to the current support of AD in SSSD. The UID and GID in AD are required for SSSD to work but in 6.4 this will change too as SSSD would be able to deal with AD SIDs too and do the id mapping in the same way as samba does (and better). > Brian > > > On May 9, 2012, at 3:19 PM, Steven Jones wrote: > >> That is possibly RHEl6.4? so year end? >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ________________________________________ >> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on >> behalf of Simo Sorce [s...@redhat.com] >> Sent: Thursday, 10 May 2012 10:15 a.m. >> To: Sylvain Angers >> Cc: Freeipaemail@example.com >> Subject: Re: [Freeipa-users] proxy with Active Directory >> >> On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote: >>> Hello >>> >>> Our security group have concern with copying username/password from >>> from AD and might not allow this synchronisation to even happen. >>> Is there a way to configure ipa to go get username/password via kind >>> of proxy? >> Not really, your best bet in that situation is cross realm trust support >> schedule for the next FreeIPA version. >> >> Simo. >> >> -- >> Simo Sorce * Red Hat, Inc * New York >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipaemail@example.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users