ID Mapping of Active Directory users with · Active Directory users with Sumit Bose Red Hat...
is a client for FreeIPA
DNS NTP
Integrated Solution
=
Identity
Who you are
VT100 anyone ?
$ ipa user-find admin
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 747400000
  GID: 747400000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
Policy
What you are allowed to do
Audit
What you have done
PAM
NSS sudo SELinux
automount ssh
InfoPipe
IPA Server
PAM
NSS sudo SELinux
automount ssh
InfoPipe
IPA Server
Other Server
IPA, LDAP, AD
PAM NSS sudo
SELinux
automount ssh
InfoPipe
IPA Server
app1
app2 app3
app4
Tomorrow
Active Directory
Forest Trust
Tomorrow
ID-Mapping
SIDs POSIX IDs
10^28 : 1
128 bits 32 bits
SID POSIX ID
Algorithmic Mapping
posixAccount
Manual Mapping
Managed in AD
FreeIPA CIFS-Client
AD DC
File-Server
IPA Server
IPA Client
cifs-utils
Kernel-
User-Space
cifs.idmap idmapwb.so cifs_idmap_sss.so
FreeIPA CIFS-Server
AD DC
AD Client
IPA Server
IPA Client
smbd wbinfo
libwbclient.so.0
winbindd
Samba File-Server
smbd wbinfo
libwbclient.so.0
Samba File-Server
On a FreeIPA Client
libwbclient-sssd.so.0
Tomorrow
libwbclient-sssd
common ID/SID lookup
authentication utilities
libwbclient-sssd
Limitations
Trust Mgmt NTLM WINS ID alloc
pam_winbind.so libnss_winbind.so
pam_sss.so libnss_sss.so socket
socket winbindd
Next Plans
pam_socket.so libnss_socket.so socket
winbindd
Unified PAM/nss Client
Thank you :-)
Any questions please?