As far as I am aware Windows clients can only authenticate against ADs.  So if 
you need to authenticate Windows you need a password trust/sync setup with AD 
and yes you need an AD as well as FreeIPA.

>From what's been said in the last day or so the next version of FreeIPA will 
>do interREALM kerberos trusts?....so its looking a bit better than a password 
>sync....but I think you will still need AD and FreeIPA.  From my limited 
>understanding something has to do the authorisation still which is the LDAP 
>bit.....so once you trust the user you still have to put in two places what 
>the user can do....depending on what the user wants to connect to.


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dan Scott [danieljamessc...@gmail.com]
Sent: Thursday, 26 May 2011 9:00 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Migration from FreeIPA 1.2.1 to 2


I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
been released. But I have a few questions:

1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
2. Can Fedora 14 (and older, and Windows and Mac) clients authenticate
against FreeIPA 2 servers?
3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
an upgrade from Fedora 14 to 15 along the way).

Overall, my questions boil down to this: Can I migrate systems as and
when possible/convenient, or do I have to do 'everything' in one go?

I looked through the documentation, but the V2 docs currently seem
quite developer-centric, does anyone have any links for me?


Dan Scott

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to