[Freeipa-devel] Windows Interop/Samba Integration
Ahmed Kamal
email.ahmedkamal at googlemail.com
Fri Feb 8 20:53:23 UTC 2008
Unfortunately Windows is a part of any reasonably sized network, even small
ones. Being as dumb as it is, it doesn't wanna talk to anything except their
own Active Directory.
Not sure whether this might be a viable options, but did anyone test pGina.
In short, it's like PAM for Windows, with many plugins to handle different
sources of authentication. If we couple that with some kind of on-server
user profiles automounting, we have some sort of domain for windows. I'm not
sure though, if Windows can recognize all domain users/groups, as the way I
understand pGina works, is by creating a local user after authenticating
them over the network. It's ugly, but I thought I would mention it too.
Of course the king would be samba4 ... waiting ....
On Feb 8, 2008 9:19 PM, Marc Richards <email.marc at gmail.com> wrote:
> Simo Sorce wrote:
> > On Fri, 2008-02-08 at 12:47 -0500, Marc Richards wrote:
> >
> >> What is the plan for Windows Interop and Samba integration in FreeIPA,
> >> particularly as it relates to people who don't have Active Directory. I
> >> noticed that the 1.0 Requirements doc specifies the following:
> >>
> >> "[Req11.2] IPA clients: The windows client will rely on the IPA server
> >> for account information and Authentication services. The IPA server
> will
> >> act as an NT4 style domain controller. Only NTLM authentication will be
> >> supported in this release, no Kerberos" [1]
> >>
> >
> > We had to drop this requirement for v1.0
> > We are evaluating various solutions involving either samba3 or samba4
> > for following versions, but have still not settled on a definitive
> > choice.
> >
> Thanks for the prompt response. Any chance of some kind of wiki
> document for manually achieving this kind of setup with 1.0? Seems to
> me like there might be a number of people interested in the use case. Is
> it much more than setting up Samba as an NT4 style domain controller and
> using freeIPA as the backend? Could I then tell an samba based file
> server hosted on another box to use the users and groups from the
> "freeIPA Samba server"?
>
> If you don't have time to document it on the wiki some links to point in
> the right direction would be appreciated.
>
>
> Marc
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080208/15e75bd0/attachment.htm>
More information about the Freeipa-devel
mailing list