Hi Dan
Post by Dan DietterichWith a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I am
trying to use FreeIPA LDAP for user authentication.
Is that supposed to work?
In the way you have described it, no. AD users/groups will not be in the FreeIPA LDAP. So attempting to authenticate a Windows user by pointing an LDAP client at a FreeIPA server will fail.
Installing the FreeIPA client on a Linux host and enrolling it in an IPA domain with a trust to an Active Directory domain will allow you to authenticate Windows users on the Linux host. This is done using SSSD, among other things.
Regards,
j