Carlos Raúl Laguna wrote:
Just for clarification, If i create a user in Windows 2008R2 it propagates to Freeipa 4.1 because freeIPA trust the AD domain, in this scenario where AD equally trust the freeIPA domain (Fedora 22), a user created in freeIPA should not propagate as well to AD ? Regards
Users are not copied, you can reference an AD user from IPA. So you can log into an IPA-managed machine using your AD credentials. This does not add the AD user to IPA.
Right now you can't reference IPA users in AD resources, in any version of IPA. So no logging into Windows using your IPA credentials (yet).
rob
2015-05-22 16:39 GMT-04:00 Alexander Bokovoy <[email protected] <mailto:[email protected]>>: On Fri, 22 May 2015, Carlos Raúl Laguna wrote: Hi Alexander Great news, does this also mean that user created in freeipa are self created/synchronized in the windows ad ? Regtards With cross-forest trust we don't synchronize anything to AD. Think about it as if FreeIPA was a separate AD forest, two AD forests don't synchronize anything to each other, they _refer_ to each other's domain controllers for operations that require authentication or other changes. -- / Alexander Bokovoy
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
