<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">2013/9/11 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="im">
On 09/11/2013 04:02 PM, Christovam Paynes Silva wrote:
<blockquote type="cite">
<div dir="ltr">
<div>It is a pity!</div>
<div>Thank you!</div>
</div>
</blockquote>
<br>
<br>
<br></div>
I did not get a feeling that we understand the whole picture
correctly to say that we provided the full answer.<br>
<br>
What I get from the description:<br>
1) Presence of Windows Clients = 100</div></blockquote><div><br></div><div>Correct!<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
2) Presence of AD to rule them<br></div></blockquote><div> </div><div>Correct!<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
3) Presence of users (I deduce in AD too, but unclear) = 1000<br></div></blockquote><div><br></div><div>Correct! Users are wireless. They use Windows and Linux without a domain.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Intent: use open source technologies instead of proprietary
solution.<br></div></blockquote><div><br></div><div><div><div>That's right!</div></div></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
What is not clear: <br>
a) Are the users that come through the portal the same users that
use Windows Clients or not? Is there an overlap?<br></div></blockquote><div><br></div><div>Users connect via wireless. They authenticate on a "captive portal" with Squid. Customers are Windows and Linux, without a domain.<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
b) Is there any kind of Linux servers/machines in the picture?<br></div></blockquote><div><br></div><div>This question was not clear to me.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
If you do not have Linux systems and all users can be stored in one
place it might be that you do not need FreeIPA. It might be that you
can solve the problem by using Samba4 instead of AD, connecting your
clients to it, putting your external portal users into a special OU
in Samba4, configuring FreeRADIUS to use this OU for authentication.
Configure your portal to use RADIUS.<br></div></blockquote><div><br></div><div><br></div><div><div>Sorry, I may not have understood the concept of FreeIPA.</div><div><br></div><div>I would like to continue using the AD, because of Group Policy Objects (GPO).</div>
<div>Does it have the ability to authenticate email services, applications, among others, directly in Samba4?</div></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
HTH<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<br>
<br>
<blockquote type="cite"><div><div class="h5">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/9/11 Simo Sorce <span dir="ltr"><<a href="mailto:simo@redhat.com" target="_blank">simo@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div>On Wed, 2013-09-11 at 16:37 -0300, Christovam Paynes Silva wrote:<br>
> Hello Simo, thanks for the feedback.<br>
> I would use the Samba4 with AD and authenticate my clients windows in FreeIPA.<br>
> Is this possible?<br>
<br>
</div>
It is not possible at this point to combine Samba4 AD and
freeIPA.<br>
<span><font color="#888888"><br>
Simo.<br>
</font></span>
<div>
<div>><br>
> 2013/9/11 Simo Sorce <<a href="mailto:simo@redhat.com" target="_blank">simo@redhat.com</a>><br>
> On Wed, 2013-09-11 at 14:06 -0300, Christovam Paynes Silva wrote:<br>
> > Hello!<br>
> ><br>
> > First I apologize if this topic is redundant.<br>
> ><br>
> > I'm looking on the implementation of FreeIPA. Looking for the forums, have some comments that authentication does not work with Samba4. Elsewhere say that that possibility exists. Today we have nearly 200 computers in the domain with the "Active Directory" and one wireless "captive portal" with 1000+ proxy users.<br>
> ><br>
> > I would like to see if the following scenario is possible:<br>
> > 1 - Integrating Samba4 with "Active Directory", to use their GPO and authenticate network users through the FreeIPA.<br>
> > 2 - Authenticate proxy servers in FreeIPA.<br>
> > 3 - And if it is possible some integration with FreeRADIUS<br>
> ><br>
><br>
> Hi Christovam, it is a bit unclear what you mean by integrating here.<br>
><br>
> Is your intent to use Samba4 as an AD domain controller for your Windows clients and IPA for your servers?<br>
><br>
> If that's the case unfortunately this is not possible at the moment as samba4 does not yet support Forest level trusts.<br>
> A Microsoft AD server can be used this way instead.<br>
><br>
> Simo.<br>
><br>
> --<br>
> Simo Sorce * Red Hat, Inc * New York<br>
><br>
<br>
<br>
--<br>
Simo Sorce * Red Hat, Inc * New York<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</div></div><pre>_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre><span class=""><font color="#888888">
</font></span></blockquote><span class=""><font color="#888888">
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
</font></span></div>
</blockquote></div><br></div></div>