On 3/4/2015 2:00 AM, Martin Kosek wrote: > On 03/04/2015 04:57 AM, Hugh wrote: > Hello Hugh, > > Before you dive in further in the FreeIPA winsync and groups, please note that > FreeIPA does not support group sync from/to AD and there are no plans for > adding that capability. We are focusing on AD Trusts instead, as *the* way for > cooperation with AD. This is related upstream ticket with similar request, > just > different direction: > > https://fedorahosted.org/freeipa/ticket/3946
We would prefer to use trusts and I tried that first, but then I discovered that logging into Windows workstations joined to the AD domain with IPA user accounts is not supported due to lack of a Global Catalog. Therefore, I had to resort to using a synch instead. I'm assuming that implementing a Global Catalog will take a while, so I'd probably suggest/request that feature additions to synch agreements not be closed off. Hugh -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
