[Freeipa-users] Confused: LDAP authentication of AD users

Jason B. Nance jason at tresgeek.net
Tue May 16 22:02:46 UTC 2017


Hi Dan 

> With a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I am
> trying to use FreeIPA LDAP for user authentication.

> Is that supposed to work?

In the way you have described it, no. AD users/groups will not be in the FreeIPA LDAP. So attempting to authenticate a Windows user by pointing an LDAP client at a FreeIPA server will fail. 

Installing the FreeIPA client on a Linux host and enrolling it in an IPA domain with a trust to an Active Directory domain will allow you to authenticate Windows users on the Linux host. This is done using SSSD, among other things. 

Regards, 

j 