On Wed, 06 Feb 2019, Charles Ulrich via FreeIPA-users wrote:
> Hello,
>
> I'm setting up a test instance of FreeIPA with a one-way trust to the
> organization's AD. So far, that all appears to be working. I can run
> LDAP queries to look up users, I can log into the test instance via
> Kerberos, it's all golden. What I would like to do next is to add certain
> external AD users to the "admins" FreeIPA group so that these users can
> log into the FreeIPA web UI and perform administrative actions the same
> as the built-in "admin" user can. So far I spent about a day reading
> docs, googling, and trying things out but haven't yet made this work.
> Here is what I've done so far:

This is not supported in anything but RHEL 8.0 beta when you install

  yum module enable idm:DL1
  yum module install idm:DL1/adtrust

and then set things up for the trust to use as documented at
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-...
No other distribution has experimental support to manage IPA as an Active
Directory user. It is experimental because a number of things still
don't work.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland