Carlos Raúl Laguna wrote:
Just for clarification,
If i create a user in Windows 2008R2 it propagates to Freeipa 4.1
because freeIPA trust the AD domain, in this  scenario where AD equally
trust the freeIPA domain (Fedora 22), a user created in freeIPA should
not propagate as well to AD ? Regards


Users are not copied, you can reference an AD user from IPA. So you can log into an IPA-managed machine using your AD credentials. This does not add the AD user to IPA.

Right now you can't reference IPA users in AD resources, in any version of IPA. So no logging into Windows using your IPA credentials (yet).

rob



2015-05-22 16:39 GMT-04:00 Alexander Bokovoy <aboko...@redhat.com
<mailto:aboko...@redhat.com>>:

    On Fri, 22 May 2015, Carlos Raúl Laguna wrote:

        Hi Alexander
        Great news, does this also mean that user created in freeipa are
        self
        created/synchronized in the windows ad ? Regtards

    With cross-forest trust we don't synchronize anything to AD. Think about
    it as if FreeIPA was a separate AD forest, two AD forests don't
    synchronize anything to each other, they _refer_ to each other's domain
    controllers for operations that require authentication or other changes.

    --
    / Alexander Bokovoy





--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to