[Freeipa-users] Possible for system to be member of both IPA domain and AD domain?
Dmitri Pal
dpal at redhat.com
Tue Mar 3 21:48:23 UTC 2015
On 03/03/2015 02:54 PM, Erinn Looney-Triggs wrote:
> On Tuesday, March 03, 2015 02:41:58 PM Dmitri Pal wrote:
>> On 03/03/2015 02:24 PM, Erinn Looney-Triggs wrote:
>>> Before I go charging down this path too far, I wanted to figure out
>>> whether it is possible for a RHEL 7 system to be a member of both an IPA
>>> domain and a separate AD domain?
>>>
>>> At this point trusts are not established between IPA and the AD; this will
>>> happen around the 7.1 release. However, I would like the system to use IPA
>>> for auth of things like ssh and the AD domain for auth of CIFS/SMB shares
>>> via Samba 4.
>>>
>>> Is this possible? Anyone know? Seems like it should be.
>> It might be possible with some configuration hacks but we have not done
>> them so it is not known. I suspect that the challenge will be making
>> sure that SSSD and winbind do not step on each other regarding users.
>>
>> 7.1 will allow you to do what you want via trust so it would be safer to
>> wait a bit for it than to try to hack something with questionable
>> probability of success.
>>
>>> -Erinn
> Are you questioning my hacking skills? ;)
No, just being mindful of your time.
>
> Thanks for the info, it looked possible but difficult, 7.1 should be out real
> soon now (tm), I'll wait.
Yep
> -Erinn
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.