[Freeipa-users] Requesting contact with users running PassSync AD -> FreeIPA
Dmitri Pal
dpal at redhat.com
Wed Nov 6 12:20:55 UTC 2013
On 11/05/2013 02:05 PM, EP wrote:
> Thanks for your answers so far.
>
> A question about cross realm trusts though: This requires the AD servers to be available when doing a login via FreeIPA, right? Or is FreeIPA caching information from AD?
>
> We don't want Linux logins to be dependent on a windows server being available, that won't end well :)
Yes it is because the authentication actually happens against the domain
the user belongs to.
If user is in AD then AD will authenticate the user and then the tickets
will be exchanged between domains to allow user to access services in
other domains.
If you want users to be in IPA then you would have to sync.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list