[Freeipa-users] AD/IPA login compatibility
Hugh
hugh at psychopig.com
Wed Feb 4 20:01:34 UTC 2015
On 1/29/2015 4:26 PM, Dmitri Pal wrote:
> How are the domains connected? Do you use trust or sync?
Trust. We wanted to have just one account and not need to install
additional software on the AD servers if possible.
>> 1) Is it possible to log into a workstation that's been joined to a
>> domain with IPA credentials?
>>
>
> You mean can I access a Windows workstation joined to AD domain by user
> from IPA domain?
> No it is not implemented. It will require Global Catalog support in IPA.
Out of curiosity, then why can we do this with the regular Kerberos?
> If you just want to use IPA for windows you for now have to use the same
> Kerberos setup on Windows workstations as you have in the old domain.
Do you mean use regular MIT Kerberos instead of FreeIPA, or configure
the Kerberos portion of FreeIPA like we had it in our old domain?
On a semi-related note, is there a way to be able to log into a Linux
workstation with an AD account without having to specify the AD domain?
In other words, ssh to a server with <username> instead of
<username at ad.domain.com>.
Thanks again in advance,
Hugh
More information about the Freeipa-users
mailing list