On Wed, 30 Dec 2015, Anon Lister wrote:
New to list. This is kind of a followup to the post here:
We are one of the odder shops that runs almost entirely linux, but the need
to support some windows stuff that requires AD has come up. We have things
setup as domain.com (NetBIOS name: DOM), with ipa.domain.com and
We just added win.domain.com with a windows DC on ad.win.domain.com (NB
We are running EL 6.7/ipa 3.0.0. we got the trust setup working, can
confirm we can mount (tesT) shares from IPA to windows domain, can login to
the linux boxes with windows user credentials, but have been unable to
figure out how to login to the windows boxes with ipa credentials (this was
really our primary use case, as everything is managed in IPA and hits it
for authentication, we were hoping to not have to manage 2 sets of accounts
for the people needing windows, two places to update passwords, etc.).
Is there support for bidirectional login in newer FreeIPA? I found the
above thread that seemed to suggest you could not use IPA credentials for
logging into the windows domain. Has this changed at all? We would be
willing to look at upgrading to EL7 (or, id rather not, but even Fedora
Server, if we can get this feature). If not is it down the pipeline?
Nothing changed. It is down the pipeline but implementation of it
depends on multiple factors so current plan is 'next major update' but
not fixed in time. It is not an easy feat.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project