[Freeipa-users] Cross domain or pass through authentication v4.4
Alexander Bokovoy
abokovoy at redhat.com
Fri Feb 10 06:13:42 UTC 2017
On to, 09 helmi 2017, Munoz, Ian A wrote:
>Hello,
>
>I can't seem to set up or find decent documentation on either
>cross-domain or pass through authentication. I have tried kerberos
>cross realm, and saslauthd.
>
>I have two different scenarios I would like to potentially accomplish.
>
>1. FreeIPA domain of a.example.tld pass through authentication to FreeIPA domain b.example.tld
There is no support for IPA-IPA trust currently.
>2. FreeIPA a.example.tld needs to pass through authentication to our
>enterprise ldap
There is no support for this either.
>
>What is the correct documentation to be following? Should I be trying
>to achieve this via an openldap pass through or a kerberos cross realm
>trust?
The only supported configuration for authenticating externally defined
users is when they are part of Active Directory domain. In such case
establishing forest trust to Active Directory is the right thing to do.
Please note that it is not just a Kerberos cross realm trust, so don't
try that option on Active Directory side, it will not work against
FreeIPA.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list