[Freeipa-users] freeIPA function basics from user's perspective

[Dmitri Pal]

On 03/10/2015 02:39 PM, Robert Erzen wrote:
> Hi all,
>
> I'm new to freeIPA and I'm researching how freeIPA bassically work. 
> How does this looks like from the perspective of the end user.
> Can you please confirm or correct my knowledge about freeIPA functioning.
>
> Let assume we have a mixed environment of five freeIPA servers which 
> are gatheredint one domain.
> Then we have additional ten Linux servers which are aded to realm as 
> Linux hosts.
> Then we have also five Windows servers, which are connected into 
> Active directory.
> Trust relationship between freeIPA and AD is established.
> When Windows user log into AD, he gets authenticated by AD and gain 
> access to assets in AD as well in freeIPA.  Is this correct?
> How does things go with a Linux user? Will I be able to join his 
> Ubuntu user name and password to freeIPA?

Linux users are managed by IPA. SSSD will know based on the fully 
qualified name of the user (or short name which will be assumed to be an 
IPA user name in default configuration) that the user needs to be 
authenticated against IPA.

> Will he authenticate with freeIPA every time, he will log into his Ubuntu?

Yes.
And policies defined in IPA will apply.
All this assumes you have a relatively recent SSSD version on Ubuntu you 
plan to use.

There is a solution for legacy clients too. See more details on the wiki 
on the documentation page (search for the word "legacy" on the page).
>
> Thanx
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150310/b1228276/attachment.htm>