In a similar vein, is anyone aware of a (safe) automated work-around that can 
periodically map users into localized Windows accounts? I am conceptualizing 
some sort of PowerShell script involving a query to 389DS, but automating any 
form of account management that way sounds moderately terrifying, and may be 
out of the scope of this mailing list.

Paul C. Arnold
IT Systems Engineer
Cole Engineering Services, Inc.

From: [] on 
behalf of Petr Spacek []
Sent: Thursday, October 01, 2015 03:15 AM
Subject: Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

Unfortunately you will not be able to log into Windows workstations using IPA
users because FreeIPA is (at the moment) missing the Global Catalog component,
which prevents Windows from working with IPA users.

It should work the other way around, but there is nothing you can do at the
moment to make it work with IPA users in Windows. Global Catalog is several
months away in the best case.


Petr^2 Spacek
