Hi, As far as I am aware Windows clients can only authenticate against ADs. So if you need to authenticate Windows you need a password trust/sync setup with AD and yes you need an AD as well as FreeIPA.
>From what's been said in the last day or so the next version of FreeIPA will >do interREALM kerberos trusts?....so its looking a bit better than a password >sync....but I think you will still need AD and FreeIPA. From my limited >understanding something has to do the authorisation still which is the LDAP >bit.....so once you trust the user you still have to put in two places what >the user can do....depending on what the user wants to connect to. regards ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dan Scott [danieljamessc...@gmail.com] Sent: Thursday, 26 May 2011 9:00 a.m. To: email@example.com Subject: [Freeipa-users] Migration from FreeIPA 1.2.1 to 2 Hello, I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has been released. But I have a few questions: 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers? 2. Can Fedora 14 (and older, and Windows and Mac) clients authenticate against FreeIPA 2 servers? 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring an upgrade from Fedora 14 to 15 along the way). Overall, my questions boil down to this: Can I migrate systems as and when possible/convenient, or do I have to do 'everything' in one go? I looked through the documentation, but the V2 docs currently seem quite developer-centric, does anyone have any links for me? Thanks, Dan Scott _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users