Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1320838
Description of problem: In many user environments, the potential IdM clients are in a DNS domain controlled by Active Directory (aka "Trust Frankenstein setup"). Requirement to migrate them all to an IdM controlled domain is not usually rather complicated. This bug is a request for a procedure or a document on how to deploy IdM with a client hostname in an AD DNS domain.
User Story: IDMRHEL-42: As an Administrator with a big number of Linux machines in a DNS domain controlled by Active Directory, I want to join them to the IdM Server so that they can benefit from its Linux-focused features.
Design is ready for review.
Alexander, thanks! I tried to digest it, and it seems that the answer to the question I have in mind is "yes", but I am not clear on exactly how.
So here is the question: As an administrator on a Windows system connected to my AD domain, I want to SSH into a Linux system in a trusted IPA domain that has a hostname managed by an AD DNS zone. Can I do this, and how?
It seems that it would be possible, but after reading the page I do not see exactly how. Do I need to make any changes on the Windows client? If so, which? If the changes are just on the Linux box I access, what are the steps that I need to run? Can they be presented in a list that I can follow?
If the hostname is in an AD DNS zone, the only working login schemes are by utilizing a password or a public key. No single sign-on (GSSAPI) will be possible.
No changes on Windows client are needed.
The changes for Linux side are outlined in http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain#No_single_sign-on_required
With Alexander's FreeIPA.org article published and #5903 fixed, I think we can consider this request fixed, to the best of our knowledge.
Metadata Update from @pvoborni: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.4