Hello,
Where I work we are a small shop. We are currently using just FreeIPA for authentication and DNS and other Linux management stuff that it does for us. We have enough Windows workstations now that it would be really nice to be able to manage those like we can our Linux stuff. From what I have read thus far, it seems that if you use FreeIPA with AD AD is the primary user store and FreeIPA kind of takes a back seat. I am looking for some help in better understanding the implications of using FreeIPA along with AD. Is there someone who could help me unravel this a bit or point me at some good resources?
The documentation on this is pretty good. Basically, you can ’trust’ AD from FreeIPA, which means the users from AD can be used in IPA. Groups too. Passwords must be set and reset in AD, but everything you need for Linux (SSH keys, host rules etc) can be done in IPA.
https://www.freeipa.org/page/Active_Directory_trust_setup
On 7 Mar 2019, at 18:34, Kristian Petersen via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Where I work we are a small shop. We are currently using just FreeIPA for authentication and DNS and other Linux management stuff that it does for us. We have enough Windows workstations now that it would be really nice to be able to manage those like we can our Linux stuff. From what I have read thus far, it seems that if you use FreeIPA with AD AD is the primary user store and FreeIPA kind of takes a back seat. I am looking for some help in better understanding the implications of using FreeIPA along with AD. Is there someone who could help me unravel this a bit or point me at some good resources?
-- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
There is also a lot of documentation on https://access.redhat.com specifically:
"INTEGRATING A LINUX DOMAIN WITH AN ACTIVE DIRECTORY DOMAIN: CROSS-FOREST TRUST" https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
"USING ID VIEWS IN ACTIVE DIRECTORY ENVIRONMENTS" https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Regards, François
On Thu, Mar 7, 2019 at 8:47 PM John Keates via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
The documentation on this is pretty good. Basically, you can ’trust’ AD from FreeIPA, which means the users from AD can be used in IPA. Groups too. Passwords must be set and reset in AD, but everything you need for Linux (SSH keys, host rules etc) can be done in IPA.
https://www.freeipa.org/page/Active_Directory_trust_setup
On 7 Mar 2019, at 18:34, Kristian Petersen via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Where I work we are a small shop. We are currently using just FreeIPA for authentication and DNS and other Linux management stuff that it does for us. We have enough Windows workstations now that it would be really nice to be able to manage those like we can our Linux stuff. From what I have read thus far, it seems that if you use FreeIPA with AD AD is the primary user store and FreeIPA kind of takes a back seat. I am looking for some help in better understanding the implications of using FreeIPA along with AD. Is there someone who could help me unravel this a bit or point me at some good resources?
-- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org