On Thu, 04 Feb 2016, Alan P wrote:
> I just configured a trust between an IPA and an Active Directory to
> authenticate IPA users on Windows machines joined to the AD domain. The
> login is successful, but only after several minutes (nearly 25
> minutes) on the first attempt; on the next attempts, the required time
> goes from 5 to 10 min. So, what can I do to reduce the time to
> something more acceptable? (For reference, when an AD user
> authenticates it only takes 10 seconds or less).

Alan, this is not yet supported for multiple reasons. We have just
worked on this with Michael Brown at DevConf.cz over this weekend and
while we have made certain progress, it requires heavily patching several
key components, including the CyrusSASL library, 389-ds and FreeIPA. Worse
than that, we need to write Global Catalog service support in FreeIPA to
allow Windows machines to actually assign proper rights to IPA users.
This is a plan for the FreeIPA 4.4-4.5 releases.
/ Alexander Bokovoy