Am Thu, Jan 05, 2023 at 11:03:55AM -0600 schrieb Spike White: > All, > > Our org uses sssd for direct integration to our corp AD forest, which has > the std MS schema extension (RFC 2307bis IIRC). > > Currently, we have some Windows builds running in the Azure cloud, > integrated via AzureAD. I'm not a Windows engineer, so I don't know the > details of this Windows-based user authentication. Other than it works. > > Does sssd support direct integration to AzureAD? > > I read this with great interest: > https://research.redhat.com/blog/engineering_project/integrate-sssd-with-... > > So if sssd supports this, any sssd config changes required for AzureAD? Hi, currently this is only possilbe with the help of FreeIPA. See https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support... for an example with keycloak as IdP, but you can use AzureAD as well. There is a chapter in the official RHEL IdM documentation at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/... too. bye, Sumit > > Spike > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

On 09/01/2023 15:38, Spike White wrote: > Sumit, > > Thanks for answer. > > MS claims that adcli + sssd allows you to join an Azure AD domain services. > > https://learn.microsoft.com/en-us/azure/active-directory-domain-services/... < https://learn.microsoft.com/en-us/azure/active-directory-domain-services/... > It looks like that's for Azure AD DS - not 'pure' Azure AD. (Azure AD DS is like AD DS but Microsoft host the DCs for you, so as far as your Linux system is concerned it's like "direct integration" with AD DS). -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue