On Mon, 15 Feb 2016, Birnbaum, Warren (ETW) wrote:
Alexander,

Thanks for letting me know this.  Is it true then that my only option is
to have the IPA AD trust to achieve AD authentication (proxy style), HBAC
and sudo?
I'm not sure using 'proxy' term is actually helpful here. IPA does not
work as a proxy authentication when it trusts AD forest. All
authentication happens directly against AD domain controllers, and IPA
is only used to host resources specific to Linux deployments. Given that
HBAC is a feature of IPA, not AD, you cannot have HBAC working in other
configurations.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to