THe problem with the cross realm trust support as I understand it is that it 
requires you to populate posix attributes in AD, which many AD admins are 
hesitant to do.  You have to install the AD services for unix pack and create 
metadata object in the directory for tracking UID and GID and then manage users 
via the ADSFU snap in. I have run in to significant resistance to this and the 
Linux guys usually do not have access.

Brian


On May 9, 2012, at 3:19 PM, Steven Jones wrote:

> That is possibly RHEl6.4? so year end?
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 
> ________________________________________
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Simo Sorce [s...@redhat.com]
> Sent: Thursday, 10 May 2012 10:15 a.m.
> To: Sylvain Angers
> Cc: Freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] proxy with Active Directory
> 
> On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
>> Hello
>> 
>> Our security group have concern with copying username/password from
>> from AD and might not allow this synchronisation to even happen.
>> Is there a way to configure ipa to go get username/password via kind
>> of proxy?
> 
> Not really, your best bet in that situation is cross realm trust support
> schedule for the next FreeIPA version.
> 
> Simo.
> 
> --
> Simo Sorce * Red Hat, Inc * New York
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to