On Thu, 2012-05-10 at 09:27 -0700, Brian Cook wrote:
> THe problem with the cross realm trust support as I understand it is
> that it requires you to populate posix attributes in AD, which many AD
> admins are hesitant to do.  You have to install the AD services for
> unix pack and create metadata object in the directory for tracking UID
> and GID and then manage users via the ADSFU snap in. I have run in to
> significant resistance to this and the Linux guys usually do not have
> access.

Sorry Brian but this is not true at all.
We perform SID mapping in case of Forest Trusts with AD.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to