On 12/09/2013 11:34 PM, Alexander Bokovoy wrote: > On Mon, 09 Dec 2013, Johan Petersson wrote: >> Hi, >> >> In my test environment i am planning to add a AD to my current IPA >> configuration and i would like my IPA users to be able to log in >> through windows to the AD and still have their IPA shared home >> directory. >> >> IPA is Red Hat 6.5 and AD is Windows 2012 Server. >> >> Home Directories are currently shared through NFS and Kerberos >> >> Is there a preferred way to connect the AD to IPA for this >> functionality? > Using IPA identities to log-in to Windows machines is not implemented > yet.
Hello Johan, I would like to elaborate more on this topic. What is currently already working and supported is the AD->IPA authentication. You can SSO from Windows to Linux machine controlled by FreeIPA already. The second part (IPA->AD) is much more complicated, it requires additional MS-specific interfaces implemented on IPA side. This is a feature we are working on in FreeIPA 3.4 (i.e. the next version). We would like to publish a working version (at least PoC) when it is released. This is the upstream ticket tracking the effort: https://fedorahosted.org/freeipa/ticket/2586 This is the related information on our community wiki: http://www.freeipa.org/page/Trusts http://www.freeipa.org/page/V3/Trust_GC_support HTH, Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
