Hello, everyone. I am planning to set up Single Sign-On (SSO). I wonder if I can use something like Red Hat SSO with two separate domains. I have one domain for Windows AD and one for Linux IDM. My idea is to use Red Hat SSO so that both domains will be able to access the same services. For example, I have one Nextcloud instance, and I would like users from both domains to use it with SSO.

  • kylian0087@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    you can still use sudo and all the other good stuff while only having one source of truth for identity.

    I am aware that linux devices can join the AD domain. The reasons i setup up FreeIPA/IDM is the linux specific rules I can make. Like the Sudo rules for example. As far as i am aware you can not do this with a windows domain controller.

    • spaghetti_carbananaA
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Depends on your use case, but you can use some Group Policy Objects on Linux (at least with sssd). See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-gpo

      You can also grant sudo to AD group members in the sudoers file, which is how I’ve done it in a corporate setting.

      I believe there are 3rd party ADMX templates you can add to your domain controllers to get more granular as well as additions to the AD schema, but I haven’t gone that deep with it since between sssd and the sudoers file I can achieve what I need to.

      • kylian0087@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Arnt GPOs on Linux very limited? Anyway to get some form of “policys” working I was thinking of using Ansible and playbooks to manage that portion anyway. (Next project).