Hi,
I have searched this everywhere, but can't find it.
I want to grant access to a FreeIPA user to a Windows machine. When I try to grant the user access on windows, adding it like FREEIPADOMAIN\freeipauser, I get an error. There is a trust between both domains, but every place where I see the trusted domain on Windows (for example when configuring a GPO) I can't search for FreeIPA users.
Is this how it is supposed to be, or how can I see my FreeIPA users on Windows the same way I see AD users on my freeipa linux clients?
Best,
Francis
On ma, 06 helmi 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I have searched this everywhere, but can't find it.
I want to grant access to a FreeIPA user to a Windows machine. When I try to grant the user access on windows, adding it like FREEIPADOMAIN\freeipauser, I get an error. There is a trust between both domains, but every place where I see the trusted domain on Windows (for example when configuring a GPO) I can't search for FreeIPA users.
Is this how it is supposed to be, or how can I see my FreeIPA users on Windows the same way I see AD users on my freeipa linux clients?
This is how it supposed to be. Using IPA users on Windows systems in trusted AD forest is not supported so far. We need to complete Global Catalog service implementation first which is currently on hold due to other work being priority.
Thanks a lot Alexander.
Best, Francis --- Francis Augusto Medeiros-Logeay Oslo, Norway
On 2023-02-07 08:20, Alexander Bokovoy via FreeIPA-users wrote:
On ma, 06 helmi 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I have searched this everywhere, but can't find it.
I want to grant access to a FreeIPA user to a Windows machine. When I try to grant the user access on windows, adding it like FREEIPADOMAIN\freeipauser, I get an error. There is a trust between both domains, but every place where I see the trusted domain on Windows (for example when configuring a GPO) I can't search for FreeIPA users.
Is this how it is supposed to be, or how can I see my FreeIPA users on Windows the same way I see AD users on my freeipa linux clients?
This is how it supposed to be. Using IPA users on Windows systems in trusted AD forest is not supported so far. We need to complete Global Catalog service implementation first which is currently on hold due to other work being priority.
On 2023-02-07 08:20, Alexander Bokovoy via FreeIPA-users wrote:
On ma, 06 helmi 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I have searched this everywhere, but can't find it.
I want to grant access to a FreeIPA user to a Windows machine. When I try to grant the user access on windows, adding it like FREEIPADOMAIN\freeipauser, I get an error. There is a trust between both domains, but every place where I see the trusted domain on Windows (for example when configuring a GPO) I can't search for FreeIPA users.
Is this how it is supposed to be, or how can I see my FreeIPA users on Windows the same way I see AD users on my freeipa linux clients?
This is how it supposed to be. Using IPA users on Windows systems in trusted AD forest is not supported so far. We need to complete Global Catalog service implementation first which is currently on hold due to other work being priority.
Hi,
I just wonder if any work was done towards this. Is there any place we can follow the progress of this?
Best, Francis
On Срд, 09 жні 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
On 2023-02-07 08:20, Alexander Bokovoy via FreeIPA-users wrote:
On ma, 06 helmi 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I have searched this everywhere, but can't find it.
I want to grant access to a FreeIPA user to a Windows machine. When I try to grant the user access on windows, adding it like FREEIPADOMAIN\freeipauser, I get an error. There is a trust between both domains, but every place where I see the trusted domain on Windows (for example when configuring a GPO) I can't search for FreeIPA users.
Is this how it is supposed to be, or how can I see my FreeIPA users on Windows the same way I see AD users on my freeipa linux clients?
This is how it supposed to be. Using IPA users on Windows systems in trusted AD forest is not supported so far. We need to complete Global Catalog service implementation first which is currently on hold due to other work being priority.
Hi,
I just wonder if any work was done towards this. Is there any place we can follow the progress of this?
There is currently no work beyond what exists in my gc-wip branch https://github.com/freeipa/freeipa/compare/master...abbra:freeipa:gc-wip
The roadmap view for IPA issues shows what needs to be completed yet. This is not a full list because we have been moving iteratively, finding issues one by one and simply don't know how much is still left: https://pagure.io/freeipa/roadmap/Global%20Catalog%20and%20IPA-IPA%20trust/
freeipa-users@lists.fedorahosted.org