On to, 09 helmi 2017, Munoz, Ian A wrote:
Hello,
I can't seem to set up or find decent documentation on either
cross-domain or pass through authentication. I have tried kerberos
cross realm, and saslauthd.
I have two different scenarios I would like to potentially accomplish.
1. FreeIPA domain of a.example.tld pass through authentication to FreeIPA
domain b.example.tld
There is no support for IPA-IPA trust currently.
2. FreeIPA a.example.tld needs to pass through authentication to our
enterprise ldap
There is no support for this either.
What is the correct documentation to be following? Should I be trying
to achieve this via an openldap pass through or a kerberos cross realm
trust?
The only supported configuration for authenticating externally defined
users is when they are part of Active Directory domain. In such case
establishing forest trust to Active Directory is the right thing to do.
Please note that it is not just a Kerberos cross realm trust, so don't
try that option on Active Directory side, it will not work against
FreeIPA.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
