[Freeipa-users] Active directory integration with FreeIPA domain
Alexander Bokovoy
abokovoy at redhat.com
Thu Aug 4 20:49:39 UTC 2016
On Thu, 04 Aug 2016, Matt Comben wrote:
>Hi all,
>
>TLDR - Is it possible to sync users FROM FreeIPA TO 'AD'?
TLDR - No.
>
>I've started introducing FreeIPA into our network (which is currently
>LDAP with Linux clients) and migrating client servers to authenticate
>against FreeIPA (which has been working great).
>
>In the past couple of weeks, we were forced to set up a couple of
>Windows servers, so AD seemed like a good improvement (for getting
>centralised authentication against our Windows workstations).
>
>I have read tonnes of information about setting up Trusts between
>FreeIPA and AD (and got a Trust itself working) and winsync using
>ipa-replica-manage, which said it was working. Although from all this
>testing, I cannot seem to get a solution working for user
>synchronisation (or trusting) for authentication on Windows clients for
>FreeIPA users. Either having users synced from FreeIPA to AD to have
>them authenticate through the AD through a Forest Trust.
>
>FWIW, I'm using CentOS 7 with FreeIPA 4 (tried Ubuntu 16.04, but
>couldn't get Trust established at all) and Server 2012 for AD. I also
>can't see anyone else doing it this way round... is what I'm trying to
>do impossible?
We don't have certain features expected by AD DC from a trusted AD
environment implemented in FreeIPA. They are planned but not
implemented.
--
/ Alexander Bokovoy