On 3/4/2015 2:00 AM, Martin Kosek wrote:
> On 03/04/2015 04:57 AM, Hugh wrote:
> Hello Hugh,
> 
> Before you dive in further in the FreeIPA winsync and groups, please note that
> FreeIPA does not support group sync from/to AD and there are no plans for
> adding that capability. We are focusing on AD Trusts instead, as *the* way for
> cooperation with AD. This is related upstream ticket with similar request, 
> just
> different direction:
> 
> https://fedorahosted.org/freeipa/ticket/3946

We would prefer to use trusts and I tried that first, but then I
discovered that logging into Windows workstations joined to the AD
domain with IPA user accounts is not supported due to lack of a Global
Catalog. Therefore, I had to resort to using a synch instead.

I'm assuming that implementing a Global Catalog will take a while, so
I'd probably suggest/request that feature additions to synch agreements
not be closed off.

Hugh

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to