On Mon, May 16, 2016 at 09:34:28AM +0100, lejeczek wrote:
>
>
> On 13/05/16 14:14, Sumit Bose wrote:
> > On Wed, May 11, 2016 at 05:17:03PM +0100, lejeczek wrote:
> > > .. if possible, would you know?
> > > hi everybody,
> > > I'm trying, and hoping it is possible to realm join an AD but in such a
> > > way so I tap my IPA into specific OU within that AD.
> > I'm not exactly sure what you mean here. Do you want to join a computer
> > which is already a client in an IPA domain to AD as well? If this is the
> > case I would recommend to consider the IPA trust feature. Joining 2
> > domains is in general possible with SSSD but has to be done with very
> > great care, e.g. by using different keytabs for each domain.
> >
> > > The thing is - I'm thinking it would make user access control ideal
> > > from the start as I need only users from that OU, but also because I'm
> > > only granted access to the user/group who has control over that OU.
> > > I'm trying that but I see:
> > >
> > > ! The computer account RIDER already exists, but is not in the desired
> > > organizational unit.
> > > adcli: joining domain ccc.bb.aa failed: The computer account RIDER
> > > already exists,
> > Computer account names in AD must be unique even if they are added to
> > different OUs. So if there is already a computer called RIDER joined to
> > AD and it is not your computer you have to rename your computer to join.
> > If it is your computer and you want to create it in a different OU you
> > have to delete the old computer object first and then do a fresh join.
> hi Sumit, for me it did not work because of this bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1258488

You might want to have a look at the test build at
http://koji.fedoraproject.org/koji/taskinfo?taskID=14148923 which
includes a patch which should fix bz1258488.

bye,
Sumit

> > HTH
> >
> > bye,
> > Sumit
> >
> > > ! Failed to join the domain
> > >
> > > I'm doing this:
> > > $ realm join ccc.bb.aa --user=private-user --computer-ou=private
> > >
> > > and computer is in OU=private of ccc.bb.aa
> > > so is the user private-user
> > >
> > > many thanks.
> > > L
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project