[Freeipa-users] [[Test-Announce] Fedora 22 Final status is Go, release on May 26, 2015]
Rob Crittenden
rcritten at redhat.com
Fri May 22 22:00:02 UTC 2015
Carlos Raúl Laguna wrote:
> Just for clarification,
> If i create a user in Windows 2008R2 it propagates to Freeipa 4.1
> because freeIPA trust the AD domain, in this scenario where AD equally
> trust the freeIPA domain (Fedora 22), a user created in freeIPA should
> not propagate as well to AD ? Regards
Users are not copied, you can reference an AD user from IPA. So you can
log into an IPA-managed machine using your AD credentials. This does not
add the AD user to IPA.
Right now you can't reference IPA users in AD resources, in any version
of IPA. So no logging into Windows using your IPA credentials (yet).
rob
>
>
> 2015-05-22 16:39 GMT-04:00 Alexander Bokovoy <abokovoy at redhat.com
> <mailto:abokovoy at redhat.com>>:
>
> On Fri, 22 May 2015, Carlos Raúl Laguna wrote:
>
> Hi Alexander
> Great news, does this also mean that user created in freeipa are
> self
> created/synchronized in the windows ad ? Regtards
>
> With cross-forest trust we don't synchronize anything to AD. Think about
> it as if FreeIPA was a separate AD forest, two AD forests don't
> synchronize anything to each other, they _refer_ to each other's domain
> controllers for operations that require authentication or other changes.
>
> --
> / Alexander Bokovoy
>
>
>
>
More information about the Freeipa-users
mailing list