[Freeipa-users] quick question
Alexander Bokovoy
abokovoy at redhat.com
Thu Mar 13 17:40:46 UTC 2014
Todd,
On Thu, 13 Mar 2014, Todd Maugh wrote:
>Yes for trusts rhel6.5 with AD 2012 for winsync and password sync
You are mixing two different things.
- winsync/password sync is not trusts. AD accounts are physically cloned to
IdM on each change on the AD side. When logging in to IdM with an AD account,
authentication is performed by IdM solely based on the password set in
IdM.
- trusts is not winsync/password sync. Accounts are always managed on the AD
side and never duplicated in IdM LDAP. When logging in to IdM with an AD
account, authentication is performed by AD and validated by IdM based
on IdM's HBAC rules.
Both approaches have their own benefits but they are not mixable.
>
>From: Rich Megginson [mailto:rmeggins at redhat.com]
>Sent: Thursday, March 13, 2014 10:16 AM
>To: Todd Maugh; freeipa-users at redhat.com
>Subject: Re: [Freeipa-users] quick question
>
>On 03/13/2014 11:02 AM, Todd Maugh wrote:
>does IDM work with AD 2012 or only 2008
>
>Are you talking about trusts? Not sure.
>
>Winsync? The PassSync password sync agent?
>I think so, with RHEL 6.5, or perhaps it is RHEL6.6.
>
>
>
>-Todd
>
>_______________________________________________
>Freeipa-users mailing list
>Freeipa-users at redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
--
/ Alexander Bokovoy