11 19 08 07 09 14

These pages describes simple tips to setup and configure cross-forest trust between an IPA domain as well as an advertisement (Active Directory) domain.

Articles

  • 1 Description
  • 2 Prerequisites
    • 2.1 IPv6 stack usage
    • 2.2 Trusts and Windows Server 2003 R2
  • 3 Assumptions
  • 4 Install and configure IPA server
    • 4.1 make certain all packages are as much as date
    • 4.2 Install needed packages
    • 4.3 Configure host title
    • 4.4 Install IPA host
    • 4.5 Login as admin
    • 4.6 Make sure IPA users can be obtained to your system solutions
    • 4.7 Configure IPA host seeking arrangement reviews for cross-forest trusts
  • 5 Cross-forest trust list
    • 5.1 Date/time settings
    • 5.2 Firewall setup
      • 5.2.1 On AD DC
      • 5.2.2 On IPA host
        • 5.2.2.1 Firewalld
        • 5.2.2.2 iptables
    • 5.3 DNS setup
      • 5.3.1 Conditional DNS forwarders
      • 5.3.2 If AD is subdomain of IPA
      • 5.3.3 If IPA is subdomain of advertising
      • 5.3.4 Verify DNS setup
  • 6 Establish and trust that is verify cross-forest
    • 6.1 incorporate trust with advertisement domain
      • 6.1.1 When advertisement administrator qualifications can be obtained
      • 6.1.2 When advertisement administrator qualifications are not available
    • 6.2 Edit /etc/krb5. Conf
    • 6.3 enable access for users from AD domain to protected resources
      • 6.3.1 generate external and groups that are POSIX trusted domain users
      • 6.3.2 Add trusted domain users towards the outside team
      • 6.3.3 Add outside team to POSIX team
  • 7 Test cross-forest trust
    • 7.1 Utilizing SSH
    • 7.2 Making use of Samba stocks
    • 7.3 Utilizing Kerberized internet applications
  • 8 Debugging trust
    • 8.1 General debugging recommendations
    • 8.2 problems because of exhausted DNA range on reproduction

Description

These pages describes just how to setup and configure cross-forest trust between an IPA domain and an advertising (Active Directory) domain.

Prerequisites

  • FreeIPA 3.3.3 or later is preferred
  • Windows Server 2008 R2 or later on with configured advertisement DC and DNS installed locally in the DC

Прочитать остальную часть записи »

Рубрики
Последние публикации
Материалы для утепления