Here is my environment:

1 Windows domain
  Windows workstations
  Windows servers
Multiple Linux domains
  Linux workstations
  Linux servers

Here is my goal:

All users are centralized in the Active Directory.
Users will authenticate on Linux workstations with their AD accounts
(using POSIX attributes).
Linux workstations must have access to NFS shares on Linux servers.

What are the limitations?
Are Windows users equal to IPA users in terms of services?

Do I have to configure Kerberos to also join the Windows Kerberos directly,
or will IPA do the job of asking the Windows server?

In /etc/krb5.conf:

includedir /var/lib/sss/pubconf/krb5.include.d/

  default_realm = IPA.ORG
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}
  canonicalize = yes
  allow_weak_crypto = true

  IPA.ORG = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    auth_to_local = RULE:[1:$1@
    auth_to_local = DEFAULT


               kdc = srvadipa.windomain.local
               admin_server = srvadipa.windomain.local

[domain_realm] = COSMO.ORG = COSMO.ORG


  .windomain.local = WINDOMAIN.LOCAL
  windomain.local = WINDOMAIN.LOCAL

Is the bug in libnfsidmap still active, and does it still prevent Windows users
from accessing an NFS4 krb5-secured shared folder?

I currently have

bug here: