[Freeipa-users] Remove AD domain in auth commands
Martin Babinsky
mbabinsk at redhat.com
Tue Nov 8 07:57:57 UTC 2016
On 11/07/2016 09:11 PM, James Harrison wrote:
> Hello
> Sorry didn't explain. The ipa is the default domain, but I also want to
> use the Windows domain to authenticate, but I want the OS to detect what
> realm to use in the ssh command.
>
> Thanks
>
> On Mon, 7 Nov, 2016 at 11:48, Martin Basti
> <mbasti at redhat.com> wrote:
>
> AFAIK Jakub already answered that
> https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html
>
> On 07.11.2016 12:05, James Harrison wrote:
>> Anyone ?
>>
>> Sent from Yahoo Mail on Android
>> <https://overview.mail.yahoo.com/mobile/?.src=Android>
>>
>> On Fri, 4 Nov, 2016 at 11:04, James Harrison
>> <jamesaharrisonuk at yahoo.co.uk> wrote:
>> Hello,
>>
>> I've installed FreeIPA 4.2 master using Centos and I have a
>> Windows 2012R2 with its AD schema emulating a Windows 2012 system
>>
>> I have established a trust between the two and it appears to
>> work. I can reference a user on the AD domain, but the only
>> way is to add the AD domain.
>>
>> The only way to ssh to the master IPA server is like this:
>>
>> ssh "x_xxxx at IPAWIN.LOCAL"@10.10.10.10
>>
>> Another example is using kinit:
>>
>> I have to do the following to get a credential:
>> kinit x_xxxx at IPAWIN.LOCAL
>>
>> Ideally I would not need or use the "@IPAWIN.LOCAL".
>>
>> Can anyone help?
>>
>> Best regards,
>> James Harrison
>>
>>
>>
>
>
>
Hi James,
as Jakub pointed out you may have to wait for the next release of SSSD
for this to work.
--
Martin^3 Babinsky
More information about the Freeipa-users
mailing list