On 12/09/2013 11:34 PM, Alexander Bokovoy wrote:
> On Mon, 09 Dec 2013, Johan Petersson wrote:
>> Hi,
>> In my test  environment i am planning to add a AD to my current IPA
>> configuration and i would like my IPA users to be able to log in
>> through windows to the AD and still have their IPA shared home
>> directory.
>> IPA is Red Hat 6.5 and AD is Windows 2012 Server.
>> Home Directories are currently shared through NFS and Kerberos
>> Is there a preferred way to connect the AD to IPA for this
>> functionality?
> Using IPA identities to log-in to Windows machines is not implemented
> yet.

Hello Johan,

I would like to elaborate more on this topic. What is currently already working
and supported is the AD->IPA authentication. You can SSO from Windows to Linux
machine controlled by FreeIPA already.

The second part (IPA->AD) is much more complicated, it requires additional
MS-specific interfaces implemented on IPA side. This is a feature we are
working on in FreeIPA 3.4 (i.e. the next version). We would like to publish a
working version (at least PoC) when it is released.

This is the upstream ticket tracking the effort:

This is the related information on our community wiki:


Freeipa-users mailing list

Reply via email to