On Thu, 04 Aug 2016, Matt Comben wrote:
> TLDR - Is it possible to sync users FROM FreeIPA TO 'AD'

TLDR - No.

> I've started introducing FreeIPA into our network (which is currently
> LDAP with Linux clients) and migrating client servers to authenticate
> against FreeIPA (which has been working great).
>
> In the past couple of weeks, we were forced to set up a couple of
> Windows servers, so AD seemed like a good improvement (for getting
> centralised authentication against our Windows workstations).
>
> I have read tonnes of information about setting up Trusts between
> FreeIPA and AD (and got a Trust itself working) and winsync using
> ipa-replica-manage, which said it was working. Although from all this
> testing, I cannot seem to get a solution working for user
> synchronisation (or trusting) for authentication on Windows clients for
> FreeIPA users. Either having users synced from FreeIPA to AD to have
> them authenticate through the AD through a Forest Trust.
>
> FWIW, I'm using CentOS 7 with FreeIPA 4 (tried Ubuntu 16.04, but
> couldn't get Trust established at all) and Server 2012 for AD. I also
> can't see anyone else doing it this way round... is what I'm trying to

We don't have certain features expected by AD DC from a trusted AD
environment implemented in FreeIPA. They are planned but not
/ Alexander Bokovoy