
So I have an Active Directory domain, call it foo.com. Two Server 2019 servers as DCs. I'm trying to move away from Windows, to FreeIPA. I have a handful of users who log in to a webmail server, which authenticates to the AD domain. All working fine. I don't know their passwords, nor do I want to.

What I would like to do is (somehow) have one of the AD controllers sync the passwords to the FreeIPA instance. Syncing the entire user is nice, but not necessary, since I can create the users manually.

I freely admit I don't really grok how trusts work, but I thought I read that to set up a trust between FreeIPA and AD, they had to be in non-overlapping domains. If so, that's a deal-breaker, because the whole point here is that I want to replace AD servicing foo.com with FreeIPA servicing foo.com.

As a last-ditch, I'm prepared to notify them that I'm changing their passwords to temporary ones, and as soon as I cut over, they can change their passwords back, but that's obviously less than ideal. Any helpful tips much appreciated!

0 Answers