<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/10/2015 02:39 PM, Robert Erzen
wrote:<br>
</div>
<blockquote
cite="mid:CAKs9qt5zAw0ds62dPYaeySgMiMNJMhUD7gcw2XSymS5_-2_StQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi all,
<div><br>
</div>
<div>I'm new to freeIPA and I'm researching how freeIPA
bassically work. How does this looks like from the perspective
of the end user.</div>
<div>Can you please confirm or correct my knowledge about
freeIPA functioning.</div>
<div><br>
</div>
<div>Let assume we have a mixed environment of five freeIPA
servers which are gatheredint one domain.</div>
<div>Then we have additional ten Linux servers which are aded to
realm as Linux hosts.</div>
<div>Then we have also five Windows servers, which are connected
into Active directory.</div>
<div>Trust relationship between freeIPA and AD is established.</div>
<div>When Windows user log into AD, he gets authenticated by AD
and gain access to assets in AD as well in freeIPA. Is this
correct?</div>
<div>How does things go with a Linux user? Will I be able to
join his Ubuntu user name and password to freeIPA?</div>
</div>
</blockquote>
<br>
Linux users are managed by IPA. SSSD will know based on the fully
qualified name of the user (or short name which will be assumed to
be an IPA user name in default configuration) that the user needs to
be authenticated against IPA.<br>
<br>
<blockquote
cite="mid:CAKs9qt5zAw0ds62dPYaeySgMiMNJMhUD7gcw2XSymS5_-2_StQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Will he authenticate with freeIPA every time, he will log
into his Ubuntu?<br clear="all">
</div>
</div>
</blockquote>
<br>
Yes.<br>
And policies defined in IPA will apply.<br>
All this assumes you have a relatively recent SSSD version on Ubuntu
you plan to use.<br>
<br>
There is a solution for legacy clients too. See more details on the
wiki on the documentation page (search for the word "legacy" on the
page).<br>
<blockquote
cite="mid:CAKs9qt5zAw0ds62dPYaeySgMiMNJMhUD7gcw2XSymS5_-2_StQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div class="gmail_signature"><br>
</div>
<div class="gmail_signature">Thanx</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>