On Wed, 25 Nov 2015, Giorgio Biacchi wrote:
> Hello list,
> can someone please clarify which configuration steps are needed to make FreeIPA
> aware of additional UPN suffixes defined on AD?
>
> In my test environment I have a two way trust between the AD (Win 2012 R2) and
> IPA (Fedora 23) servers. On the AD there are 2 UPNs and I need to authenticate
> users with accounts based on those 2 UPNs via IPA against the AD.
>
> I'm using FreeIPA 4.2.3-1 for FC23 but I'm still unable to make it work in this
> scenario although the bug described here
> https://fedorahosted.org/freeipa/ticket/3559 is now fixed.
>
> Thanks in advance for any kind reply.

FreeIPA currently only picks up primary user names (sAMAccountName). To
pull UPNs for trusted domains we need to use a slightly different method to
retrieve trust topology information which we were unable to do before
4.2. This is in the plan for 4.4 I think.

The ticket you mentioned is an enabler but it needs appropriate information
in the trust topology to compare realms/UPNs.
--
/ Alexander Bokovoy
