[Freeipa-users] Trust services

Sumit Bose sbose at redhat.com
Wed May 28 16:22:38 UTC 2014


On Wed, May 28, 2014 at 10:47:13AM -0300, tizo wrote:
> I would like to know if having configured trusts services between FreeIPA
> and Active Directory allows AD users to authenticate in services that are
> only configured to authenticate against FreeIPA.
> 
> For example, having configured the trusts, if I have a mail server that is
> using FreeIPA as its authentication method, can a user A from Active
> Directory, who does not exist in FreeIPA, authenticate in the mail server?

It depends a bit on how the users authenticate exactly because IPA
offers Kerberos and LDAP authentication.

Kerberos should work out of the box because that's one of the trust
components, trusting Kerberos tickets from the other domain/realm.

For LDAP authentication you should be able to find the users from the
trusted domain in the compat tree below
cn=compat,dc=your,dc=ipa,dc=domain . To authenticate the user you can
do an LDAP bind with the DN from the compat tree and the password used in
AD.

HTH

bye,
Sumit

> 
> Thanks very much.
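
The search-then-bind flow described in the reply, as an added example that is not part of the original message. It assumes the python-ldap package, an anonymously readable compat tree, and that trusted-domain users appear there as posixAccount entries whose uid is the fully qualified name (user@ad.domain); the host and domain names are constructed.

```python
import re

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def compat_base(ipa_domain):
    """'ipa.example.com' -> 'cn=compat,dc=ipa,dc=example,dc=com'."""
    return "cn=compat," + ",".join("dc=" + part for part in ipa_domain.split("."))

def compat_user_filter(login):
    # Assumption: AD users are looked up by fully qualified name in the uid attribute.
    # The login comes from the client, so it is escaped before it reaches the filter.
    return "(&(objectClass=posixAccount)(uid=%s))" % escape_filter_value(login)

def authenticate(uri, ipa_domain, login, password):
    """Return the user's compat-tree DN if the bind succeeds, else None."""
    if not password:
        # A simple bind with an empty password is an unauthenticated bind and
        # can "succeed" on the server, so it must never count as a login.
        return None
    import ldap  # python-ldap; imported here so the helpers above work without it

    # Step 1: find the user's DN below cn=compat (anonymous search).
    conn = ldap.initialize(uri)  # use ldaps:// so the password is not sent in clear
    conn.simple_bind_s()
    hits = conn.search_s(compat_base(ipa_domain), ldap.SCOPE_SUBTREE,
                         compat_user_filter(login), ["uid"])
    conn.unbind_s()
    hits = [h for h in hits if h[0]]  # drop any result without a DN
    if len(hits) != 1:
        return None                   # unknown or ambiguous user
    dn = hits[0][0]

    # Step 2: bind as that DN with the password the user has in AD.
    user = ldap.initialize(uri)
    try:
        user.simple_bind_s(dn, password)
    except ldap.INVALID_CREDENTIALS:
        return None
    finally:
        user.unbind_s()
    return dn

if __name__ == "__main__":
    print(compat_base("ipa.example.com"))
    print(compat_user_filter("jdoe@ad.example.com"))
```
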




