On Thu, 23 Aug 2018, Michal Sladek via FreeIPA-users wrote:
I would like to use IPA server in heterogeneous environment with Linux servers and Windows
IPA domain would be used as a primary source of users and groups.
AD domain would be used for management of Windows hosts only (group policies etc.).
I have set up a test network with two-way trust between AD and IPA domain
and realized that IPA domain sees AD users but AD domain doesn't see
IPA users. Am I missing something or the two-way trust is not two-way
It is two-way in principle. However, FreeIPA does not implement features
required by AD DC to resolve IPA users on Windows workstations. It is on
our long-term roadmap.
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland