[Freeipa-users] IPA-AD Login

Alexander Bokovoy abokovoy at redhat.com
Sun Feb 7 19:05:29 UTC 2016


On Thu, 04 Feb 2016, Alan P wrote:
>Hi,
>
>I just configured a trust between an IPA and an Active Directory to
>authenticate IPA users in Windows machines joined in AD domain. The
>login is successful, but only after several minutes (nearly 25
>minutes) in the first attempt; in the next attempts, the required time
>goes from 5 to 10 min. So, what can I do to reduce the time to
>something more acceptable? (For reference, when an AD user
>authenticates it only takes 10 seconds or less).
Alan, this is not yet supported for multiple reasons. We have just
worked on this with Michael Brown at DevConf.cz over this weekend and
while we have made certain progress, it requires heavily patching several
key components, including the CyrusSASL library, 389-ds and FreeIPA. Worse
than that, we need to write Global Catalog service support in FreeIPA to
allow Windows machines to actually assign proper rights to IPA users.

This is a plan for FreeIPA 4.4-4.5 releases.

-- 
/ Alexander Bokovoy



