[Freeipa-users] ntGroup MUST ntUserDomainId?

Hugh hugh at psychopig.com
Wed Mar 4 13:33:17 UTC 2015


On 3/4/2015 2:00 AM, Martin Kosek wrote:
> On 03/04/2015 04:57 AM, Hugh wrote:
> Hello Hugh,
> 
> Before you dive in further in the FreeIPA winsync and groups, please note that
> FreeIPA does not support group sync from/to AD and there are no plans for
> adding that capability. We are focusing on AD Trusts instead, as *the* way for
> cooperation with AD. This is a related upstream ticket with a similar request,
> just in a different direction:
> 
> https://fedorahosted.org/freeipa/ticket/3946

We would prefer to use trusts and I tried that first, but then I
discovered that logging into Windows workstations joined to the AD
domain with IPA user accounts is not supported due to lack of a Global
Catalog. Therefore, I had to resort to using a synch instead.

I'm assuming that implementing a Global Catalog will take a while, so
I'd probably suggest/request that feature additions to synch agreements
not be closed off.

Hugh



