[Freeipa-users] IPA and AD Home Directory
Martin Kosek
mkosek at redhat.com
Tue Dec 10 08:41:20 UTC 2013
On 12/09/2013 11:34 PM, Alexander Bokovoy wrote:
> On Mon, 09 Dec 2013, Johan Petersson wrote:
>> Hi,
>>
>> In my test environment i am planning to add a AD to my current IPA
>> configuration and i would like my IPA users to be able to log in
>> through windows to the AD and still have their IPA shared home
>> directory.
>>
>> IPA is Red Hat 6.5 and AD is Windows 2012 Server.
>>
>> Home Directories are currently shared through NFS and Kerberos
>>
>> Is there a preferred way to connect the AD to IPA for this
>> functionality?
> Using IPA identities to log-in to Windows machines is not implemented
> yet.
Hello Johan,
I would like to elaborate more on this topic. What is currently already working
and supported is the AD->IPA authentication. You can SSO from Windows to Linux
machine controlled by FreeIPA already.
The second part (IPA->AD) is much more complicated, it requires additional
MS-specific interfaces implemented on IPA side. This is a feature we are
working on in FreeIPA 3.4 (i.e. the next version). We would like to publish a
working version (at least PoC) when it is released.
This is the upstream ticket tracking the effort:
https://fedorahosted.org/freeipa/ticket/2586
This is the related information on our community wiki:
http://www.freeipa.org/page/Trusts
http://www.freeipa.org/page/V3/Trust_GC_support
HTH,
Martin
More information about the Freeipa-users
mailing list