[Freeipa-users] IPA, AD Trust and Domain Local Groups
Sumit Bose
sbose at redhat.com
Wed Jan 6 08:19:11 UTC 2016
On Wed, Jan 06, 2016 at 08:56:27AM +0100, wdh at dds.nl wrote:
> Hi all,
>
> Using an AD trust with IPA 4.2 all works well, but on the IPA/Linux site
> we're just not able to see AD "Domain Local Groups".
>
> Is that just not possible (a limitation of the current version that is), is
> some extra configuration needed of is just something wrong....?
>
> Hope one can give an answer!
This is by design. As the name says the groups are 'Domain Local' i.e.
only valid in the own AD domain (not even in the whole AD forest). Since
the IPA domain is a completely different forest from the AD perspective
the Domain Local Groups do not apply here. IPA just does the same here
as AD does.
HTH
bye,
Sumit
>
> Winny
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list