[Freeipa-users] Trusted Realm Across IPA Servers
Dmitri Pal
dpal at redhat.com
Fri Dec 12 13:55:20 UTC 2014
On 12/12/2014 12:36 AM, Eldo Joseph wrote:
> Hi All,
>
> I have requirement to access the service under different IPA servers,
> can some one help me on this...
>
> IPA Servers are running on V3.
>
> -Eldo-
>
>
Are you saying that you have different IPA domains that are not
connected and you need to be able to log into a host from different domains?
If so you need:
a) Decide which domain is the primary domain for the host.
b) Join the host to the second domain
c) Manually configure the second authentication domain in sssd.
I am not sure whether the IPA back end would work. It might be worth a try.
If you configure the second back end as LDAP or LDAP + Kerberos it
should be fine.
Ask on SSSD list for more help if needed.
You need to make sure that your:
- UIDs do not overlap between domains
- you use FQDN for users when login
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141212/4ea37735/attachment.htm>
More information about the Freeipa-users
mailing list