[Freeipa-users] How does one authenticate Windows login against IPA

Alexander Bokovoy abokovoy at redhat.com
Thu May 19 06:09:20 UTC 2016

On Wed, 18 May 2016, John Meyers wrote:
>FreeIPA, as we've discovered, has some wonderful Windows integration
>capability, but it is all predicated on Windows AD being the
>authoritative source of user information.  2-Way trusts are great, but
>they only work for kerberized applications, not native Windows rights
>(that would require FreeIPA to act as global catalog as I learned from
>Alexander).  The winsync capability does not, as it turns out, sync
>native IPA users to AD.
>The million-dollar question is if you are a 90% Linux shop and FreeIPA is
>your authoritative user repository (AD is a blank slate), how do you
>perform local Windows login authentication for the 10% of Windows
>machines against FreeIPA?
As I said before, we currently don't have an answer to this question.
Development work still continues. Some people were able to do logins
with 'REALM\Username' but then assigning permissions does not work
anyway in Windows due to lack of GC support on the IPA side.

/ Alexander Bokovoy
