[Freeipa-users] Possible for system to be member of both IPA domain and AD domain?
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Tue Mar 3 19:54:47 UTC 2015
On Tuesday, March 03, 2015 02:41:58 PM Dmitri Pal wrote:
> On 03/03/2015 02:24 PM, Erinn Looney-Triggs wrote:
> > Before I go charging down this path too far, I wanted to figure out
> > whether it is possible for a RHEL 7 system to be a member of both an IPA
> > domain and a separate AD domain?
> >
> > At this point trusts are not established between IPA and the AD, this will
> > happen around the 7.1 release, however, I would like the system to use IPA
> > for auth of things like ssh and the AD domain for auth of CIFS/SMB shares
> > via samba 4.
> >
> > Is this possible? Anyone know? Seems like it should be.
>
> It might be possible with some configuration hacks but we have not done
> them so it is not known. I suspect that the challenge will be making
> sure that SSSD and winbind do not step on each other regarding users.
>
> 7.1 will allow you to do what you want via trust so it would be safer to
> wait a bit for it than to try to hack something with questionable
> probability of success.
>
> > -Erinn
Are you questioning my hacking skills ;)
Thanks for the info, it looked possible but difficult, 7.1 should be out real
soon now (tm), I'll wait.
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150303/909446ea/attachment.sig>
More information about the Freeipa-users
mailing list