[Freeipa-users] FreeIPA as domain controller?
Brian Candler
b.candler at pobox.com
Tue Oct 18 12:35:40 UTC 2016
On 17/10/2016 15:52, Alexander Bokovoy wrote:
> If you set ID range for corresponding AD domain in IPA to be
> 'ipa-ad-trust-posix' and make sure all users that need to logon to IPA
> have POSIX attributes, then it should work.
>
> I think most of this is described in the Windows Integration Guide for
> RHEL7.
Thank you.
Final question. Suppose I use just the ipa-client package with sssd-ad
pointing to Samba4 (or even real Windows AD). Is that likely to be a
satisfactory solution for managing the *nix boxes, or would I be better
of with two separate domains?
For example, would I lose the features that FreeIPA gives me like
host-based access controls, sudo controls, central storage of ssh public
keys?
Thanks,
Brian.
More information about the Freeipa-users
mailing list