<div dir="ltr"><div><div>try the freeIPA version unless you have to stick with licensed for business reasons. Basically dig up the rpms for CentOS. <br><br></div>I'm not running any AD (YAY!!! Ditched it for FreeIPA :-) so I've not tested the AD linking. Yes. It looked complicated. duh. It's linking windows auth to *nix auth. Yuck!<br><br></div>Heh, heh. I see FreeIPA as a way to get rid of AD and make windbloze auth to Linux machines. Use that kerberos spec as it was designed and not as it was mangled for AD.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 30, 2014 at 3:18 PM, James Sumners <span dir="ltr"><<a href="mailto:james.sumners@gmail.com" target="_blank">james.sumners@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">:-/</div><div class="gmail_extra"><br></div><div class="gmail_extra">The "trusts" configuration for Active Directory integration sounds complicated and not really worth it. But the synchronization method requires an extra license just to get the synchronization tool.</div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Thu, Oct 30, 2014 at 12:37 PM, James Sumners <span dir="ltr"><<a href="mailto:james.sumners@gmail.com" target="_blank">james.sumners@gmail.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><div dir="ltr">This looks very promising. Thank you for the suggestion.</div></span><div><div><img src=""></div></div><span class=""><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 30, 2014 at 11:17 AM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">RHEL IdM or the upstream FreeIPA solution. It can auth against AD but handles the ID/GID, etc. for RHEL users. Uses kerberos and LDAP.<br></div><div class="gmail_extra"></div></blockquote></div></div></div></div></span></blockquote></div><br><br><br clear="all"><span class=""><div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/" target="_blank">http://james.roomfullofmirrors.com/</a><br><br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br><br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</span></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>