Sumit, Thanks for answer.
MS claims that adcli + sssd allows you to join an Azure AD domain services. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-rhel-linux-vm Like I say, I'm not an AD expert. Certainly not AzureAD. Spike On Fri, Jan 6, 2023 at 12:42 AM Sumit Bose <sb...@redhat.com> wrote: > Am Thu, Jan 05, 2023 at 11:03:55AM -0600 schrieb Spike White: > > All, > > > > Our org uses sssd for direct integration to our corp AD forest, which has > > the std MS schema extension (RFC 2307bis IIRC). > > > > Currently, we have some Windows builds running in the Azure cloud, > > integrated via AzureAD. I'm not a Windows engineer, so I don't know the > > details of this Windows-based user authentication. Other than it works. > > > > Does sssd support direct integration to AzureAD? > > > > I read this with great interest: > > > https://research.redhat.com/blog/engineering_project/integrate-sssd-with-azure-ad/ > > > > So if sssd supports this, any sssd config changes required for AzureAD? > > Hi, > > currently this is only possilbe with the help of FreeIPA. See > > https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html > for an example with keycloak as IdP, but you can use AzureAD as well. > > There is a chapter in the official RHEL IdM documentation at > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_idm_users_groups_hosts_and_access_control_rules/assembly_using-external-identity-providers-to-authenticate-to-idm_managing-users-groups-hosts > too. > > bye, > Sumit > > > > > Spike > > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue