I created a FreeIPA (ipa.angelsofclockwork.net) and Active Directory
(ad.angelsofclockwork.net) and put them into a two-way trust with POSIX. I used:

ipa-adtrust-install --enable-compat --add-agents
ipa trust-add --type=ad ad.angelsofclockwork.net --admin lmabel --password

The users in AD have POSIX attributes assigned and those attributes are in the
global catalog. My Linux clients can see the AD users when I do a getent passwd
u...@ad.angelsofclockwork.net. So this is working as intended.

http://www.freeipa.org/page/HowTo/Setup_FreeIPA_Services_for_Mac_OS_X_10.12 - I
used this guide to add our first Mac to FreeIPA rather than AD. This guide
worked for the most part, but I cannot get it to see the users across the trust
boundary. I'm sure I'm either missing something or the Mac's open directory utility
doesn't support trusts like we would think it should.

[root@sani ~]# dscacheutil -q user -a name admin
[root@sani ~]# dscacheutil -q user -a name louis.abel
[root@sani ~]# dscacheutil -q user -a name louis.a...@ad.angelsofclockwork.net

Anyone have any suggestions? Or will I have to just connect my Mac to AD and
work with it that way? I was trying to avoid having to add to AD, but it seems
like I'm going to have to go that route. Unless anyone has experience with
getting it to work across trusts. From my research it seems others have tried
to solve the 'trust' problem when there are two AD domains involved, not an IPA
and AD domain. So it seems like a Mac-specific problem perhaps.