In a similar vein, is anyone aware of a (safe) automated work-around that can periodically map users into localized Windows accounts? I am conceptualizing some sort of powershell script involving a query to 389DS, but automating any form of account management that way sounds moderately terrifying, and may be out of the scope of this mailing list.
Regards, -- Paul C. Arnold IT Systems Engineer Cole Engineering Services, Inc. ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Petr Spacek [pspa...@redhat.com] Sent: Thursday, October 01, 2015 03:15 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops This email was sent from a non-Department of Defense email account, and contained active links. All links are disabled, and require you to copy and paste the address to a Web browser. Please verify the identity of the sender, and confirm authenticity of all links contained within the message. Unfortunately you will not be able to log into Windows workstations using IPA users because FreeIPA is (at the moment) missing Global Catalog component which prevents Windows from working with IPA users. It should work the other way around, but there is nothing you can do at the moment to make it working with IPA users in Windows. Global Catalog is several months away in the best case. Sorry. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project