[Freeipa-users] is it possible to use 'ipa-replica' to sync user between different suffix AD and IPA domain?

Petr Vobornik pvoborni at redhat.com
Thu Apr 28 15:21:35 UTC 2016


On 04/28/2016 04:44 PM, Matrix wrote:
> Hi, all
> 
> I am trying to do a centralized solution
> 
> AD domain is 'examplemedia.net'
> 
> IPA domain is 'example.net'
> 
> After ipa-replica has been established, I found that nothing has been synced
> from AD to IPA.
> 
> IPA version: ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
> 
> I doubt that a different suffix is supported? If so, can anyone show me some
> hints to investigate more?
> 
> Thanks for your kind help.
> 
> Matrix

Hello,

what is your goal and current setup?

By "ipa-replica has been established" do you mean that you installed a
new currently standalone IPA server? And connected it somehow with AD?

Or did you run `ipa-replica-manage connect --winsync ...`?

It would be good to mention that an IPA server [1] cannot be a replica of an
AD server. But it can integrate with it, either by using
winsync (synchronization) or the recommended solution: Trusts [2].

Documentation:
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pt02.html

HTH
-- 
Petr Vobornik



