On 12/09/2013 11:34 PM, Alexander Bokovoy wrote:
> On Mon, 09 Dec 2013, Johan Petersson wrote:
>> Hi,
>>
>> In my test  environment i am planning to add a AD to my current IPA
>> configuration and i would like my IPA users to be able to log in
>> through windows to the AD and still have their IPA shared home
>> directory.
>>
>> IPA is Red Hat 6.5 and AD is Windows 2012 Server.
>>
>> Home Directories are currently shared through NFS and Kerberos
>>
>> Is there a preferred way to connect the AD to IPA for this
>> functionality?
> Using IPA identities to log-in to Windows machines is not implemented
> yet.

Hello Johan,

I would like to elaborate more on this topic. What is currently already working
and supported is the AD->IPA authentication. You can SSO from Windows to Linux
machine controlled by FreeIPA already.

The second part (IPA->AD) is much more complicated, it requires additional
MS-specific interfaces implemented on IPA side. This is a feature we are
working on in FreeIPA 3.4 (i.e. the next version). We would like to publish a
working version (at least PoC) when it is released.

This is the upstream ticket tracking the effort:
https://fedorahosted.org/freeipa/ticket/2586

This is the related information on our community wiki:
http://www.freeipa.org/page/Trusts
http://www.freeipa.org/page/V3/Trust_GC_support

HTH,
Martin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to