Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-18 Thread Alexander Bokovoy
On Tue, 18 Oct 2016, Brian Candler wrote: On 17/10/2016 15:52, Alexander Bokovoy wrote: If you set ID range for corresponding AD domain in IPA to be 'ipa-ad-trust-posix' and make sure all users that need to logon to IPA have POSIX attributes, then it should work. I think most of this is describ

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-18 Thread Brian Candler
On 17/10/2016 15:52, Alexander Bokovoy wrote: If you set ID range for corresponding AD domain in IPA to be 'ipa-ad-trust-posix' and make sure all users that need to logon to IPA have POSIX attributes, then it should work. I think most of this is described in the Windows Integration Guide for RHE

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-17 Thread Alexander Bokovoy
On Mon, 17 Oct 2016, Brian Candler wrote: On 17/10/2016 15:06, Alexander Bokovoy wrote: Would there be any benefit the other way round - creating identities in S4 and using them to login to FreeIPA-joined *nix boxes? I guess the problem then is where posix attributes like uid and gid come from

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-17 Thread Brian Candler
On 17/10/2016 15:06, Alexander Bokovoy wrote: Would there be any benefit the other way round - creating identities in S4 and using them to login to FreeIPA-joined *nix boxes? I guess the problem then is where posix attributes like uid and gid come from. This works for Samba AD > 4.4. The code i

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-17 Thread Brian Candler
On 17/10/2016 11:14, Alexander Bokovoy wrote: We are not yet at the point you could use IPA-hosted identities to login to Windows machines joined to AD, though, regardless which AD implementation it is. That's very helpful, thank you. So basically it means that for the time being, our admins wi

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-17 Thread Alexander Bokovoy
On Mon, 17 Oct 2016, Brian Candler wrote: On 17/10/2016 11:14, Alexander Bokovoy wrote: We are not yet at the point you could use IPA-hosted identities to login to Windows machines joined to AD, though, regardless which AD implementation it is. That's very helpful, thank you. So basically it me

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-17 Thread Alexander Bokovoy
On Mon, 17 Oct 2016, Brian Candler wrote: Sorry if this is a frequently asked question, but it's not easy to find a simple answer. * Can I use FreeIPA (v4) as a domain controller for Windows machines to join? No. * If not, what's the recommended free/open solution? Would it be to set up a S