Todd, On Thu, 13 Mar 2014, Todd Maugh wrote:
Yes for trusts rhel6.5 with AD 2012 for winsync and password sync
You are mixing two different things. - winsync/password sync is not trusts. AD accounts are physically cloned to IdM on each change at AD side. When logging to IdM with AD account, authentication is performed by IdM solely based on the password set in IdM. - trusts is not winsync/password sync. Accounts are always managed at AD side and never duplicated in IdM LDAP. When logging to IdM with AD account, authentication is performed by AD and validated by IdM based on IdM's HBAC rules. Both approaches have own benefits but they are not mixable.
From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Thursday, March 13, 2014 10:16 AM To: Todd Maugh; freeipa-users@redhat.com Subject: Re: [Freeipa-users] quick question On 03/13/2014 11:02 AM, Todd Maugh wrote: does IDM work with AD 2012 or only 2008 Are you talking about trusts? Not sure. Winsync? The PassSync password sync agent? I think so, with RHEL 6.5, or perhaps it is RHEL6.6. -Todd _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
-- / Alexander Bokovoy _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
