[Freeipa-devel] Windows Interop/Samba Integration

Simo Sorce ssorce at redhat.com
Fri Feb 15 14:43:50 UTC 2008 

On Fri, 2008-02-08 at 14:19 -0500, Marc Richards wrote:
> Simo Sorce wrote:
> > On Fri, 2008-02-08 at 12:47 -0500, Marc Richards wrote:
> >   
> >> What is the plan for Windows Interop and Samba integration in FreeIPA, 
> >> particularly as it relates to people who don't have Active Directory. I 
> >> noticed that the 1.0 Requirements doc specifies the following: 
> >>
> >> "[Req11.2] IPA clients: The windows client will rely on the IPA server 
> >> for account information and Authentication services. The IPA server will 
> >> act as an NT4 style domain controller. Only NTLM authentication will be 
> >> supported in this release, no Kerberos" [1]
> >>     
> >
> > We had to drop this requirement for v1.0
> > We are evaluating various solutions involving either samba3 or samba4
> > for following versions, but have still not settled on a definitive
> > choice.
> >   
> Thanks for the prompt response.  Any chance of some kind of wiki 
> document for manually achieving this kind of setup with 1.0?

I don't think I want to have yet another guide on how to set up samba
manually with LDAP honestly, there are many already. But we want
seamless integration at some point. When we achieve that then we will
add documentation specific to our integration.

>  Seems to 
> me like there might be a number of people interested in the use case. Is 
> it much more than setting up Samba as an NT4 style domain controller and 
> using freeIPA as the backend?

No not really, the only difference from many other installations is that
you should make samba sync the password via ldap and let FreeIPA handle
everything including generation of NT/LM hashes.

> Could I then tell an samba based file 
> server hosted on another box to use the users and groups from the 
> "freeIPA Samba server"?

Yes, there should be no problem with that.

> If you don't have time to document it on the wiki some links to point in 
> the right direction would be appreciated.

I am sure we have a bunch of docs at http://www.samba.org/samba/docs

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list