On 17/10/2016 15:52, Alexander Bokovoy wrote:
If you set ID range for corresponding AD domain in IPA to be
'ipa-ad-trust-posix' and make sure all users that need to logon to IPA
have POSIX attributes, then it should work.
I think most of this is described in the Windows Integration Guide for
RHEL7.
Thank you.
Final question. Suppose I use just the ipa-client package with sssd-ad
pointing to Samba4 (or even real Windows AD). Is that likely to be a
satisfactory solution for managing the *nix boxes, or would I be better
of with two separate domains?
For example, would I lose the features that FreeIPA gives me like
host-based access controls, sudo controls, central storage of ssh public
keys?
Thanks,
Brian.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
