[Freeipa-users] Where should I create my Linux and Mac users in a AD IPA trust?
Jakub Hrozek
jhrozek at redhat.com
Wed Feb 10 08:52:26 UTC 2016
On Wed, Feb 10, 2016 at 08:41:15AM +0530, Supratik Goswami wrote:
> I am currently running IPA server 4.2 in RHEL 7.2 and I have created a
> two-way trust between
> my Windows AD and IPA server.
>
> I have a heterogeneous environment where I have Windows, Linux and Mac
> clients.
>
> The Windows users are present in AD and they can access the resources under
> IPA through the trust relationship.
>
> What are the pros and cons
>
> 1. When I create Linux and Mac users in the AD.
I'd say the management might be a slightly more complex than native IPA
users due to having to use the IPA external groups to nest AD users and
groups into IPA groups and eventually IPA policy resources like sudo
rules or HBAC rules.
>
> 2. When I create Linux and Mac users in IPA
Even though the trust is described as two-way, it is really not possible
to access Windows resources or log in to Windows computers for IPA
users.
More information about the Freeipa-users
mailing list