[Freeipa-users] proxy with Active Directory
Brian Cook
bcook at redhat.com
Thu May 10 16:27:23 UTC 2012
THe problem with the cross realm trust support as I understand it is that it requires you to populate posix attributes in AD, which many AD admins are hesitant to do. You have to install the AD services for unix pack and create metadata object in the directory for tracking UID and GID and then manage users via the ADSFU snap in. I have run in to significant resistance to this and the Linux guys usually do not have access.
Brian
On May 9, 2012, at 3:19 PM, Steven Jones wrote:
> That is possibly RHEl6.4? so year end?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Simo Sorce [simo at redhat.com]
> Sent: Thursday, 10 May 2012 10:15 a.m.
> To: Sylvain Angers
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] proxy with Active Directory
>
> On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
>> Hello
>>
>> Our security group have concern with copying username/password from
>> from AD and might not allow this synchronisation to even happen.
>> Is there a way to configure ipa to go get username/password via kind
>> of proxy?
>
> Not really, your best bet in that situation is cross realm trust support
> schedule for the next FreeIPA version.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list