Hello,
As today there’s any way to create a trust between two FreeIPA servers? I know that up to version 4.5 this isn’t possible yet.
If there’s no way to create a trust, at least one server can consume it’s users from another one? They are in different domain level, one being a subdomain (DNS and Kerberos Realms) of another one, this way:
# Server 1 int.example.com
# Server 2 other.int.example.com
Thanks,
Hi,
On Thu, Oct 31, 2019 at 4:54 PM Vinícius Ferrão via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
As today there’s any way to create a trust between two FreeIPA servers? I know that up to version 4.5 this isn’t possible yet.
Not yet: https://pagure.io/freeipa/issue/4867
If there’s no way to create a trust, at least one server can consume it’s users from another one?
If the question is, "can IPA servers from IPA domain <A> consume users from IPA servers from IPA domain <B>", then no, to the best of my knowledge. If the question is, "can IPA servers from IPA domain <A> live in a subdomain of <A>", then yes. If the question is, "can IPA clients be in a subdomain of the IPA domain", then yes.
François
They are in different domain level, one being a subdomain (DNS and Kerberos Realms) of another one, this way:
# Server 1 int.example.com
# Server 2 other.int.example.com
Thanks,
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Thanks François,
On 31 Oct 2019, at 15:04, François Cami fcami@redhat.com wrote:
Hi,
On Thu, Oct 31, 2019 at 4:54 PM Vinícius Ferrão via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
As today there’s any way to create a trust between two FreeIPA servers? I know that up to version 4.5 this isn’t possible yet.
Not yet: https://pagure.io/freeipa/issue/4867
If there’s no way to create a trust, at least one server can consume it’s users from another one?
If the question is, "can IPA servers from IPA domain <A> consume users from IPA servers from IPA domain <B>", then no, to the best of my knowledge. If the question is, "can IPA servers from IPA domain <A> live in a subdomain of <A>", then yes. If the question is, "can IPA clients be in a subdomain of the IPA domain", then yes.
It’s first case… so I’m screwed :)
François
They are in different domain level, one being a subdomain (DNS and Kerberos Realms) of another one, this way:
# Server 1 int.example.com
# Server 2 other.int.example.com
Thanks,
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
François Cami -
Vinícius Ferrão