Hello guys, I found lots of tutorials on how to map AD (Active Directory) users over FreeIPA, as seen here: https://jamalshahverdiev.wordpress.com/2017/09/09/integration-freeipa-in-cen... and http://prolinuxhub.com/integrate-freeipa-with-windows-2016-active-directory/
My question is, can I do it the other way around? I want to map the FreeIPA group (Admin) as admin over the Active Directory. Can I?
I've already set up a transient two-way trust between both, and authentication works nicely for FreeIPA users over AD. I just want to set up admin users for the Windows workstations.
Thanks.
Hello Lucas,
take a look at this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
I have the same problem and the answer is no.
Maybe I'm wrong, this would be great.
Regards
Dirk
I talked to Dmitri Pat at Red Hat Summit and he says they have it on the road map but have IdM act as the primary data store for credentials, but they need people (manpower) who can help them develop it.
On Tue, May 21, 2019 at 4:14 AM Dirk Streubel via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello Lucas,
take a look at this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
I have the same problem and the answer is no.
Maybe I'm wrong, this would be great.
Regards
Dirk
Thanks a lot for this information, Kristian. It would be a great thing if FreeIPA had this option.
Regards, Dirk
Yes, it would be awesome, as I use FreeIPA as the responsible for handling user and group information. It would be nice to trust this to AD, and I just want to use it for authentication.
What should be the workaround for this? Sync users and groups to AD?
Thanks.
The only option right now is a cross-forest trust with AD where AD is the primary data store for users and groups.
On Thu, May 23, 2019 at 7:36 AM LUCAS GUILHERME DIEDRICH via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Yes, it would be awesome, as I use FreeIPA as the responsible for handling user and group information. It would be nice to trust this to AD, and I just want to use it for authentication.
What should be the workaround for this? Sync users and groups to AD?
Thanks.
Actually, I think there should be some way to sync everything to AD programmatically. As I have more than 10k users, 390 groups, and 1400 Linux hosts using sssd, I can't migrate my environment to AD as primary data; then I should buy MS CAL licenses also. This is a mess, I'll look for a workaround somehow.
Thanks for the help guys.
Does anyone know if this is still valid?
https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-s...
On Tue, 28 May 2019, LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote:
Does anyone know if this is still valid?
https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-s...
You should really look into the official documentation.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
AB, sorry for that. The second I posted, I found the official docs and saw that the sync works, but only AD -> FreeIPA. I'm thinking about this and will maybe migrate everything to AD or create some Python scripts to sync the data without trust or anything.
Thanks for all.