Re: [Freeipa-users] freeIPA function basics from user's perspective
On 03/11/2015 07:57 AM, Robert Erzen wrote: Thanks for your input. Since I have most users on Windows clients, I will have to consider implementing AD and join Linux servers in. Any thought on that? br I think the best would be to read my blogs. Jan 20, 2015 An Introduction to Interoperability Challenges in the Modern Enterprise http://rhelblog.redhat.com/2015/01/20/an-introduction-to-interoperability-challenges-in-the-modern-enterprise/ Jan 22, 2015 Closing the Integration Gap http://rhelblog.redhat.com/2015/01/22/closing-the-integration-gap/ Jan 28, 2015 Aspects of Integration http://rhelblog.redhat.com/2015/01/28/aspects-of-integration/ Feb 04, 2015 Overview of Direct Integration Options http://rhelblog.redhat.com/2015/02/04/overview-of-direct-integration-options/ Feb 19, 2015 Overview of Indirect Active Directory Integration Using Identity Management (IdM) http://rhelblog.redhat.com/2015/02/19/overview-of-indirect-active-directory-integration-using-identity-management-idm/ Feb 26, 2015 Active Directory and Identity Management (IdM) Trusts – Exactly Where Are My Users? http://rhelblog.redhat.com/2015/02/26/active-directory-and-identity-management-idm-trusts-exactly-where-are-my-users/ -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] freeIPA function basics from user's perspective
Thanks for your input. Since I have most users on Windows clients, I will have to consider implementing AD and join Linux servers in. Any thought on that? br -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] freeIPA function basics from user's perspective
Hi all, I'm new to freeIPA and I'm researching how freeIPA bassically work. How does this looks like from the perspective of the end user. Can you please confirm or correct my knowledge about freeIPA functioning. Let assume we have a mixed environment of five freeIPA servers which are gatheredint one domain. Then we have additional ten Linux servers which are aded to realm as Linux hosts. Then we have also five Windows servers, which are connected into Active directory. Trust relationship between freeIPA and AD is established. When Windows user log into AD, he gets authenticated by AD and gain access to assets in AD as well in freeIPA. Is this correct? How does things go with a Linux user? Will I be able to join his Ubuntu user name and password to freeIPA? Will he authenticate with freeIPA every time, he will log into his Ubuntu? Thanx -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] freeIPA function basics from user's perspective
On 03/10/2015 02:39 PM, Robert Erzen wrote: Hi all, I'm new to freeIPA and I'm researching how freeIPA bassically work. How does this looks like from the perspective of the end user. Can you please confirm or correct my knowledge about freeIPA functioning. Let assume we have a mixed environment of five freeIPA servers which are gatheredint one domain. Then we have additional ten Linux servers which are aded to realm as Linux hosts. Then we have also five Windows servers, which are connected into Active directory. Trust relationship between freeIPA and AD is established. When Windows user log into AD, he gets authenticated by AD and gain access to assets in AD as well in freeIPA. Is this correct? How does things go with a Linux user? Will I be able to join his Ubuntu user name and password to freeIPA? Linux users are managed by IPA. SSSD will know based on the fully qualified name of the user (or short name which will be assumed to be an IPA user name in default configuration) that the user needs to be authenticated against IPA. Will he authenticate with freeIPA every time, he will log into his Ubuntu? Yes. And policies defined in IPA will apply. All this assumes you have a relatively recent SSSD version on Ubuntu you plan to use. There is a solution for legacy clients too. See more details on the wiki on the documentation page (search for the word legacy on the page). Thanx -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project