How can i define default classes for newly created Computer objects?
Anabela Mazurek via FreeIPA-users wrote:
How can i define default classes for newly created Computer objects?
There is no option to do it, you'd need to write a small plugin which adds your new objectclass. See slide 17 of https://www.freeipa.org/page/File:FreeIPA33-extending-freeipa.pdf
I'm curious what the goal is.
rob
We are trying solve problem with certificate login using smart card to FreeIpa kerberos added Widndows workstation. As we are testing there could be request of using ntuser and or ipantuser class for getting sid and ntname attribs. For now we are not sure if it is needed but when we was trying define this for newly created objects we discovered that this is impossible and because we are not sure if it is like this i did ask. Thank you for answer. Anabela
Anabela Mazurek via FreeIPA-users wrote:
We are trying solve problem with certificate login using smart card to FreeIpa kerberos added Widndows workstation. As we are testing there could be request of using ntuser and or ipantuser class for getting sid and ntname attribs. For now we are not sure if it is needed but when we was trying define this for newly created objects we discovered that this is impossible and because we are not sure if it is like this i did ask. Thank you for answer.
So you managed to enroll a windows client into IPA and now you want to use smart cards with certificates to authenticate the users in Windows?
I'm not sure anyone has tried before but you wouldn't need *user in the machine entry regardless.
We don't encourage people to directly enroll windows clients into IPA. IPA is not an AD replacement. We recommend using AD trust instead.
rob
freeipa-users@lists.fedorahosted.org
-
Anabela Mazurek -
Rob Crittenden