We currently have a single AD (2016) domain, company.co.uk. The DNS zone file
is managed by Active Directory, so all machines (Windows and Linux) are listed
in the zone file. Windows users authenticate against AD and Linux users
authenticate against a separate NIS server. We are considering replacing NIS
with a FreeIPA server.

The most important consideration is to maintain the *ix users' GUID and UID data
that is currently stored on the NIS server. If this data could be stored in AD,
then we probably would not be considering FreeIPA. A typical *ix user
workflow is for the user to ssh from their local machine to one of 20
development servers. The user GUID and UID must be the same regardless of
which machine they access. We don’t currently have any username/password
synchronisation between AD and NIS, so this is not a requirement. It’s clear
that to enable a trust between FreeIPA and AD, we would need to create a separate
IPA domain.

I assume all 20 development servers would need to be added to the IPA domain?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/GXE6JWTWE5VUDHWTV6DGFFUOJPYY4IM3/