All,
Our org uses sssd for direct integration to our corp AD forest, which has the std MS schema extension (RFC 2307bis IIRC).
Currently, we have some Windows builds running in the Azure cloud, integrated via AzureAD. I'm not a Windows engineer, so I don't know the details of this Windows-based user authentication. Other than it works.
Does sssd support direct integration to AzureAD?
I read this with great interest: https://research.redhat.com/blog/engineering_project/integrate-sssd-with-azu...
So if sssd supports this, any sssd config changes required for AzureAD?
Spike
Am Thu, Jan 05, 2023 at 11:03:55AM -0600 schrieb Spike White:
All,
Our org uses sssd for direct integration to our corp AD forest, which has the std MS schema extension (RFC 2307bis IIRC).
Currently, we have some Windows builds running in the Azure cloud, integrated via AzureAD. I'm not a Windows engineer, so I don't know the details of this Windows-based user authentication. Other than it works.
Does sssd support direct integration to AzureAD?
I read this with great interest: https://research.redhat.com/blog/engineering_project/integrate-sssd-with-azu...
So if sssd supports this, any sssd config changes required for AzureAD?
Hi,
currently this is only possilbe with the help of FreeIPA. See https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.ht... for an example with keycloak as IdP, but you can use AzureAD as well.
There is a chapter in the official RHEL IdM documentation at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm... too.
bye, Sumit
Spike
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Sumit,
Thanks for answer.
MS claims that adcli + sssd allows you to join an Azure AD domain services.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/joi...
Like I say, I'm not an AD expert. Certainly not AzureAD.
Spike
On Fri, Jan 6, 2023 at 12:42 AM Sumit Bose sbose@redhat.com wrote:
Am Thu, Jan 05, 2023 at 11:03:55AM -0600 schrieb Spike White:
All,
Our org uses sssd for direct integration to our corp AD forest, which has the std MS schema extension (RFC 2307bis IIRC).
Currently, we have some Windows builds running in the Azure cloud, integrated via AzureAD. I'm not a Windows engineer, so I don't know the details of this Windows-based user authentication. Other than it works.
Does sssd support direct integration to AzureAD?
I read this with great interest:
https://research.redhat.com/blog/engineering_project/integrate-sssd-with-azu...
So if sssd supports this, any sssd config changes required for AzureAD?
Hi,
currently this is only possilbe with the help of FreeIPA. See
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.ht... for an example with keycloak as IdP, but you can use AzureAD as well.
There is a chapter in the official RHEL IdM documentation at
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm... too.
bye, Sumit
Spike
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 09/01/2023 15:38, Spike White wrote:
Sumit,
Thanks for answer.
MS claims that adcli + sssd allows you to join an Azure AD domain services.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/joi... https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-rhel-linux-vm
It looks like that's for Azure AD DS - not 'pure' Azure AD.
(Azure AD DS is like AD DS but Microsoft host the DCs for you, so as far as your Linux system is concerned it's like "direct integration" with AD DS).
Sam,
Appreciate the clarification. Makes sense now.
Spike
On Mon, Jan 9, 2023 at 10:05 AM Sam Morris sam@robots.org.uk wrote:
On 09/01/2023 15:38, Spike White wrote:
Sumit,
Thanks for answer.
MS claims that adcli + sssd allows you to join an Azure AD domain
services.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/joi... < https://learn.microsoft.com/en-us/azure/active-directory-domain-services/joi...
It looks like that's for Azure AD DS - not 'pure' Azure AD.
(Azure AD DS is like AD DS but Microsoft host the DCs for you, so as far as your Linux system is concerned it's like "direct integration" with AD DS).
-- Sam Morris https://robots.org.uk/ PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users@lists.fedorahosted.org
-
Sam Morris -
Spike White -
Sumit Bose