On Tue, 25 Nov 2014, Nicolas Zin wrote:

I successfully create a trust relationship between a freeipa 3.3 realm (on 
Centos 7) and a windows 2008 AD.
Now I add some machine clients to my IPA realm, and try to connect to them with 
my AD credential:
- connecting to the 2 freeipa server: no problem
- connecting to a Centos6 machine: no problem
- connecting to a Centos5 machine: fail

to say it differently:
- when connecting to the Centos5 with a Freeipa Realm user it works
- when connecting to the Centos5 with a AD Realm user, it fails

I just want a confirmation: it fails because centos5 is packaged with
sssd < 1.9 and do not support cross realm? (and indeed, it cannot
works) or is it possible to make it working? and my error is somewhere
Right, RHEL5/CentOS5 cannot see AD users directly like other SSSD

If you enabled compat tree integration when running
'ipa-adtrust-install', you may try to configure CentOS5 machine to use
compat tree. This has some limitations but it exposes both IPA and AD
users and allows to authenticate AD users against LDAP in compat tree.

See http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf for

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to