UCS vs FreeIPA - can it do the same?


#1

Hi,

I have recently worked out how our company could use FreeIPA connected to Active Directory to provide HBAC and SUDO with Active Directory users to our Linux servers. This works great, including the configuration of SSH key authentication, which is not something I could directly find in UCS.

I am wondering if UCS could do the same. Is this something which is possible with UCS?

Thanks in advance.

Dominique


#2

Hey,

Univention includes a component called “AD Connector”. It enables you to deploy a UCS infrastructure and synchronize accounts & groups with a Windows-based Active Directory domain. A UCS system can then authenticate the same users via PAM, including ssh & sudo. You can read more about the AD Connector in the admin manual.

Kind regards,
mosu


#3

Why not use realmd?

apt -y install ntp realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs resolvconf

or

yum -y install realm ntp ntpdate adcli sssd authconfig krb5-workstation openldap-clients samba-common-tools

then

realm discover "realm" (the realm is the AD domain)
realm join "realm" -U youruserid

vi /etc/sssd/sssd.conf and change

use_fully_qualified_names = False

systemctl restart sssd
id your_ad_userid
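
Added example (not part of the original posts): a non-interactive way to make the sssd.conf change from post #3. It sets use_fully_qualified_names = False in every [domain/...] section, keeps a .bak copy and leaves the file at mode 0600. The function names and the example.test sample config are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical.

set_short_names() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk '
        # Append the key if a domain section ended without defining it.
        function close_section() {
            if (in_dom && !seen) print "use_fully_qualified_names = False"
        }
        /^\[/ { close_section(); in_dom = ($0 ~ /^\[domain\//); seen = 0 }
        in_dom && /^[ \t]*use_fully_qualified_names[ \t]*=/ {
            print "use_fully_qualified_names = False"; seen = 1; next
        }
        { print }
        END { close_section() }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$conf" "${conf}.bak" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"              # keep the config private to its owner
    mv "$tmp" "$conf"
}

# Constructed sample resembling a realm-joined host (not taken from the thread).
sample_conf() {
cat <<'EOF'
[sssd]
domains = example.test
services = nss, pam

[domain/example.test]
id_provider = ad
use_fully_qualified_names = True
access_provider = ad
EOF
}

# With a path argument, edit that file; otherwise demonstrate on a scratch copy.
if [ "$#" -ge 1 ]; then
    set_short_names "$1"
else
    scratch=$(mktemp -d) && sample_conf > "$scratch/sssd.conf" &&
        set_short_names "$scratch/sssd.conf" && cat "$scratch/sssd.conf"
    rm -rf "$scratch"
fi
```

As in the post, restart sssd after the change and confirm the short name resolves with id.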