[Freeipa-users] Centos5 - freeipa - AD trust

Alexander Bokovoy abokovoy at redhat.com
Tue Nov 25 21:40:57 UTC 2014


On Tue, 25 Nov 2014, Nicolas Zin wrote:
>Hi,
>
>I successfully created a trust relationship between a freeipa 3.3 realm (on Centos 7) and a windows 2008 AD.
>Now I add some machine clients to my IPA realm, and try to connect to them with my AD credential:
>- connecting to the 2 freeipa servers: no problem
>- connecting to a Centos6 machine: no problem
>- connecting to a Centos5 machine: fail
>
>to say it differently:
>- when connecting to the Centos5 with a Freeipa Realm user it works
>- when connecting to the Centos5 with an AD Realm user, it fails
>
>I just want a confirmation: it fails because centos5 is packaged with
>sssd < 1.9 and does not support cross realm? (and indeed, it cannot
>work) or is it possible to make it work? and my error is somewhere
>else?

Right, RHEL5/CentOS5 cannot see AD users directly like other SSSD
systems.

If you enabled compat tree integration when running
'ipa-adtrust-install', you may try to configure the CentOS5 machine to use
the compat tree. This has some limitations but it exposes both IPA and AD
users and allows authenticating AD users against LDAP in the compat tree.

See http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf for
details.

-- 
/ Alexander Bokovoy
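
An added example (not part of the original thread and not the FreeIPA project's own file) of an sssd.conf for a legacy client that uses the compat tree as the reply describes, with plain LDAP for both identity lookup and authentication. The server name ipa.example.com, the base DN dc=example,dc=com and the CA certificate path are assumed placeholders.

```ini
# /etc/sssd/sssd.conf on the legacy (pre-1.9 SSSD) client.
# Assumed placeholders: ipa.example.com, dc=example,dc=com, CA cert path.

[sssd]
config_file_version = 2
services = nss, pam
domains = default
# Treat the whole login string as the user name, so that AD users
# can log in as user@ad.domain (the name form exposed in the compat tree).
re_expression = (?P<name>.+)

[domain/default]
# No Kerberos cross-realm support here: identities and authentication
# both go through LDAP against the IPA server's compat tree.
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ipa.example.com
ldap_search_base = cn=compat,dc=example,dc=com

# Authentication is an LDAP bind that carries the user's password,
# so the connection must be protected by TLS and the server certificate
# verified against the IPA CA.
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
ldap_tls_reqcert = demand

cache_credentials = True
```

With this setup the AD user's password is presented to the IPA LDAP server, so the IPA CA certificate has to be installed on the client before the first login attempt.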



