Todd,

On Thu, 13 Mar 2014, Todd Maugh wrote:
Yes for trusts rhel6.5 with AD 2012 for winsync and password sync


You are mixing two different things.

- winsync/password sync is not trusts. AD accounts are physically cloned to
  IdM on each change at AD side. When logging to IdM with AD account,
  authentication is performed by IdM solely based on the password set in
  IdM.

- trusts is not winsync/password sync. Accounts are always managed at AD
  side and never duplicated in IdM LDAP. When logging to IdM with AD
  account, authentication is performed by AD and validated by IdM based
  on IdM's HBAC rules.

Both approaches have own benefits but they are not mixable.



From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 10:16 AM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] quick question

On 03/13/2014 11:02 AM, Todd Maugh wrote:
does IDM work with AD 2012 or only 2008

Are you talking about trusts?  Not sure.

Winsync?  The PassSync password sync agent?
I think so, with RHEL 6.5, or perhaps it is RHEL6.6.



-Todd




_______________________________________________

Freeipa-users mailing list

Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>

https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
/ Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to