Hi everyone,

first post, hope the question is not too dumb and this is the right list.

I’m trying to use IPA in the way the RHEL Windows Integration Guide describes 
it in the one-way-trust setup (indirect integration, using AD for auth, IPA for 
However, I’m hitting a wall since at one point you have to provide AD Admin 
credentials (setting up the agreement) which I don’t have/won’t have.

Question: Are there other ways to get the (almost) same result w/o having admin 
access to AD?

* Some 2 years back Dmitri Dal made a comment here which seems to point into 
that direction
    but I wasn’t able to find anything in the official documentation or 
elsewhere and that issue has been closed as fixed.

As of now I only see recreating all the users/groups from AD in IPA w/o any 
connectivity in between as one option, which would be ok but not very elegant
and users have to deal with another password.

Is it possible to use SSSD with AD as auth/idprovider and IPA for policies 
(something like shown in the modern integration option image here
but with policies fetched from IPA: 



FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to