[Freeipa-devel] Windows Interop/Samba Integration

[Simo Sorce]

On Fri, 2008-02-08 at 12:47 -0500, Marc Richards wrote:
> What is the plan for Windows Interop and Samba integration in FreeIPA, 
> particularly as it relates to people who don't have Active Directory. I 
> noticed that the 1.0 Requirements doc specifies the following: 
> 
> "[Req11.2] IPA clients: The windows client will rely on the IPA server 
> for account information and Authentication services. The IPA server will 
> act as an NT4 style domain controller. Only NTLM authentication will be 
> supported in this release, no Kerberos" [1]

We had to drop this requirement for v1.0
We are evaluating various solutions involving either samba3 or samba4
for following versions, but have still not settled on a definitive
choice.

> But I can't find anything in the docs that indicates how to achieve that 
> setup.  At the end of that same document I find the following seemingly 
> contradictory statement: "The IPA product will not be able to provide 
> authentication services for Windows file and print services"
> 
> I can't find much else in the 1.2 or 2.0 Requirements docs either.
> 
> So what is the current plan for 1.0, 1.2 and 2.0?  Simply providing a 
> how-to for using IPA as a backend for Samba?  Or will there be more than 
> that? I was really hoping that IPA was going to take away all the pain 
> of setting up central authentication for a small office with a mix of 
> Windows, OS X and Linux clients.  I definitely don't want to have to 
> deal with (or pay for) Active Directory/Server 2003.

OS X can use IPA as is apparently, for Windows the problem is the tight
integration this client has with AD, esp when it comes to auth vs third
servers, this client limitation is the real problem, we are deciding how
to tackle it.

> Marc
> 
> [1] http://www.freeipa.org/page/V1PRD#.5BReq11.5D_Windows_interop
> 
> P.S. Please CC me in your replies.  Thanks.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York