Dear Alexander,

Understood, thank you very much.

Kevin.

From: Alexander Bokovoy <[email protected]>
To: [email protected]
Cc: [email protected]
Date: 09/11/2013 02:52 PM
Subject: Re: [Freeipa-users] IPA AD Trust issue

On Wed, 11 Sep 2013, [email protected] wrote:
>Dear Alexander,
>
>If I use 'ipa-replica-prepare' to replicate Windows AD to/from IPA AD, will
>all user accounts in Windows AD be 'copied' to IPA AD, and can my IPA client
>log on with the Windows AD username only? (only use 'userA' to log in directly,
>not 'userA@win_ad.com').

If you are using ipa-replica-prepare against Windows AD, you are using
winsync/passsync, which is copying user entries from AD to IPA. In this case
AD users become IPA users. It is not a trust per se, only a synchronization.
In particular, users will not be able to use their AD Kerberos credentials
at all.

But yes, in the winsync case these users will be able to log in with just a
user name.

>Or after replication, can I use an IPA account to log on to a Windows client PC
>with only the IPA username? (only use 'userB' to log on, rather than
>'userB@ipa_ad.com').

No, synchronization is from AD to IPA, not the other way around. A change in
IPA for an account which was synchronized from AD will be propagated back
to AD, but IPA users will not be copied to AD.

--
/ Alexander Bokovoy
