[Freeipa-users] proxy with Active Directory
Dmitri Pal
dpal at redhat.com
Sun May 13 18:24:01 UTC 2012
On 05/10/2012 12:27 PM, Brian Cook wrote:
> THe problem with the cross realm trust support as I understand it is that it requires you to populate posix attributes in AD, which many AD admins are hesitant to do. You have to install the AD services for unix pack and create metadata object in the directory for tracking UID and GID and then manage users via the ADSFU snap in. I have run in to significant resistance to this and the Linux guys usually do not have access.
You are referring to the current support of AD in SSSD. The UID and GID
in AD are required for SSSD to work but in 6.4 this will change too as
SSSD would be able to deal with AD SIDs too and do the id mapping in the
same way as samba does (and better).
> Brian
>
>
> On May 9, 2012, at 3:19 PM, Steven Jones wrote:
>
>> That is possibly RHEl6.4? so year end?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Simo Sorce [simo at redhat.com]
>> Sent: Thursday, 10 May 2012 10:15 a.m.
>> To: Sylvain Angers
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] proxy with Active Directory
>>
>> On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
>>> Hello
>>>
>>> Our security group have concern with copying username/password from
>>> from AD and might not allow this synchronisation to even happen.
>>> Is there a way to configure ipa to go get username/password via kind
>>> of proxy?
>> Not really, your best bet in that situation is cross realm trust support
>> schedule for the next FreeIPA version.
>>
>> Simo.
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list