[Freeipa-users] FreeIPA en Domain Trust
Jakub Hrozek
jhrozek at redhat.com
Mon Nov 23 10:18:28 UTC 2015
On Mon, Nov 23, 2015 at 10:54:03AM +0100, Martin Kosek wrote:
> On 11/23/2015 10:50 AM, Winfried de Heiden wrote:
> > Hi all,
> >
> > For some reason, we only want to use the Active Directory user from an Active
> > Directory using a Trust. (groups like "Domain Users" are of no use...)
> >
> > Is it possible to ignore (hide) ALL groups from a particular Domain (trust)/
> >
> > Kinds Regards,
> >
> > Winny
>
> This looks as a question for the client part (SSSD). I do not fully understand
> the use case, you want to allow AD user to authenticate to Linux box, but you
> do not want the Linux box to see any of the AD groups? What is the motivation,
> if I may ask?
>
I don't think this is possible, at least not until there would be a
separate subdomain configuration. At the moment, most of the subdomain
configuration is just the defaults.
But I don't see the reason either, at most the groups would be able to
own resources on IPA-managed boxes..
More information about the Freeipa-users
mailing list