On 03/10/2015 02:39 PM, Robert Erzen wrote:
I'm new to freeIPA and I'm researching how freeIPA bassically work.
How does this looks like from the perspective of the end user.
Can you please confirm or correct my knowledge about freeIPA functioning.
Let assume we have a mixed environment of five freeIPA servers which
are gatheredint one domain.
Then we have additional ten Linux servers which are aded to realm as
Then we have also five Windows servers, which are connected into
Trust relationship between freeIPA and AD is established.
When Windows user log into AD, he gets authenticated by AD and gain
access to assets in AD as well in freeIPA. Is this correct?
How does things go with a Linux user? Will I be able to join his
Ubuntu user name and password to freeIPA?
Linux users are managed by IPA. SSSD will know based on the fully
qualified name of the user (or short name which will be assumed to be an
IPA user name in default configuration) that the user needs to be
authenticated against IPA.
Will he authenticate with freeIPA every time, he will log into his Ubuntu?
And policies defined in IPA will apply.
All this assumes you have a relatively recent SSSD version on Ubuntu you
plan to use.
There is a solution for legacy clients too. See more details on the wiki
on the documentation page (search for the word "legacy" on the page).
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project