Hi Dan 

> With a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I 
> am
> trying to use FreeIPA LDAP for user authentication.

> Is that supposed to work?

In the way you have described it, no. AD users/groups will not be in the 
FreeIPA LDAP. So attempting to authenticate a Windows user by pointing an LDAP 
client at a FreeIPA server will fail. 

Installing the FreeIPA client on a Linux host and enrolling it in an IPA domain 
with a trust to an Active Directory domain will allow you to authenticate 
Windows users on the Linux host. This is done using SSSD, among other things. 


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to