Carlos Raúl Laguna wrote:
Just for clarification,
If i create a user in Windows 2008R2 it propagates to Freeipa 4.1
because freeIPA trust the AD domain, in this scenario where AD equally
trust the freeIPA domain (Fedora 22), a user created in freeIPA should
not propagate as well to AD ? Regards
Users are not copied, you can reference an AD user from IPA. So you can
log into an IPA-managed machine using your AD credentials. This does not
add the AD user to IPA.
Right now you can't reference IPA users in AD resources, in any version
of IPA. So no logging into Windows using your IPA credentials (yet).
2015-05-22 16:39 GMT-04:00 Alexander Bokovoy <aboko...@redhat.com
On Fri, 22 May 2015, Carlos Raúl Laguna wrote:
Great news, does this also mean that user created in freeipa are
created/synchronized in the windows ad ? Regtards
With cross-forest trust we don't synchronize anything to AD. Think about
it as if FreeIPA was a separate AD forest, two AD forests don't
synchronize anything to each other, they _refer_ to each other's domain
controllers for operations that require authentication or other changes.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project