[Freeipa-users] IPA client default authentication domain/realm different than member domain/realm.
Simo Sorce
simo at redhat.com
Tue Jun 24 11:20:07 UTC 2014
On Mon, 2014-06-23 at 10:18 -0500, McNiel, Craig wrote:
> I am trying to integrate an IPA domain with a windows domain and I would
> like to be able to have the users authenticated to the windows domain as a
> default without having to append the realm to the login credentials as we
> will not be using user authentication from the IPA domain.
>
>
> The main reason for this is the Windows domain is a corporate run domain
> that has an integrated joiners and leavers process for users and groups and
> we don't want to have to duplicate that effort locally however I also don't
> want my users to have to type
>
>
> logon: username at WIN.DOMAIN.COM
>
>
> I would instead like for them to just input the username and have the
> REALM/Domain assumed to be WIN.DOMAIN.COM instead of IPA.DOMAIN.COM
>
>
> I'm not certain how to configure the client for this configuration.
Look at the default_domain_suffix config option in sssd.conf
Simo.
> Example.
>
>
>
> ****************************************
>
> * Win Domain (Users and Groups)*
>
> ****************************************
>
> |
>
> |
>
> ****************** ***********
>
> * IPA Domain * <-----> *Clients *
>
> ****************** ***********
>
>
>
> Thanks !
>
>
>
> - Craig
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list