I'm planning to upgrade my servers from Windows Server 2016 to 2022 and want to know how other users are finding the experience with FreeIPA. Initially, we considered jumping to Windows Server 2025, but we noticed some issues with both it and FreeIPA, so we opted for 2022 instead. I would really appreciate any insights or experiences you have with using FreeIPA alongside the newer Windows servers!
3 Answers
Just be careful if you're trying to establish a trust with Kerberos realm. There are limitations on the FreeIPA side, and it generally doesn't work out well. Stick with an 'AD-AD' forest trust on the Windows side when working with FreeIPA; it can be tricky to get right!
Are you asking if there's a trust between Active Directory and FreeIPA, or do you have your Windows servers bound directly to FreeIPA using Kerberos? I mean, if it's the latter, I'm curious about how that setup worked for you!
It's actually the first option! I'm going for the trust setup.
It would be pretty wild if they could actually bind Windows servers directly to FreeIPA, though! I know you can perform kinit from Windows, but joining them would be a whole new ballgame.
I checked out FreeIPA but eventually switched to UCS (Univention Corporate Server), and I’ve been really happy with it! Just a thought if you're looking for alternatives.
That's good to know! I've been reading about the setups, and I won't make that common mistake.