Suppose we have:

1. Machine - with the full name ws16.ad16.loc - MS AD. Windows Server 2016
2. Machine - with the full name ipasrv-1.ipadomain.loc - IdM AD version 4.8.10. Linux Debian
3. Machine - with the full name adclient-1.ad16.loc - AD Client. Linux Debian

Bidirectional trust relationships between IPA and AD are configured. The third machine is joined to the AD domain using sssd 2.4.0.

Can I somehow authenticate on the AD client (third machine) using IdM users via the bidirectional trust relationships? That is, I don't mean the case where we make the AD client partially integrated into IdM by adding settings in sssd.conf for the second domain ([domain/ipadomain.loc]) and updating krb5.keytab. I mean, how can I make it so that the request goes specifically through AD (i.e., via the trust relationships) and not directly to IdM? And is this possible?