I've long believed that it wasn't possible to use FreeIPA for identity management with Windows clients (unless one was willing to pay for an Active Directory server and establish a cross-domain trust).
I recently stumbled on this post, which indicates that it is possible:
https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/
Can anyone speak to whether this is expected to work?
On Thu, 21 Nov 2019, Ian Pilcher via FreeIPA-users wrote:
> I've long believed that it wasn't possible to use FreeIPA for identity management with Windows clients (unless one was willing to pay for an Active Directory server and establish a cross-domain trust).
> I recently stumbled on this post, which indicates that it is possible:
> https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/
> Can anyone speak to whether this is expected to work?
This instruction produces changes on both sides that aren't supported by anyone and will most likely break when our work on the global catalog lands.
I hope to get a prototype to experiment with through the winter season. We have a recorded video that shows what's possible with a manual injection of an entry into a global catalog service on the IPA side, but we found there's a lack of several services expected by Windows machines from an 'AD DC' they think the IPA master is representing. These services need to be added to the Samba non-AD DC code that FreeIPA is using.