[Freeipa-users] samba4 and freeipa

[Kozlov]

Dmitri Pal пишет:
> Konstantin Kozlov wrote:
>> Hello,
>>
>> Did anybody try to integrate samba4 and freeipa?
>>
>> Does samba4 work with directory server and kerberos from freeipa 
>> installation? Or ipa-winsync is a better solution?
>>
>> Is there any code maybe in alpha stage for such integration?
>>
>> Best regards,
>>
> This is something we plan to do down the road but in distant future.
> We are investigating possible architectures. One of them is having IPA 
> and Samba share the same DS and Kerberos.
> There are several obstacles on this path.  Samba 4 and IPA tree 
> structures are very different.
> Samba follows the AD tree structure. So there should be some kind of 
> remapping. We are thinking that Penrose can be the answer but we did not 
> have time to try it yet.
> The second part is  Kerberos. Samba 4 uses Heimdal implementation while 
> we use MIT.
> Heimdal is a bit more advanced in features at the moment and Samba 4 
> takes advantage of it but MIT is building the same set of features so 
> they should become feature aligned soon.
> Once we start talking about alternatives that  do not share the same 
> data store some sort of sync would be required.
> ipa-winsync is the answer for now. But there might be others.
> 
> So to summarize the AD/Samba/IPA integration is a complex issue. 
> ipa-winsync is what we have so far but we are working in this direction.
> Solution is not anticipated in IPA v2, at best v3, so some time late 
> 2010 early 2011, may be even later.
> 

Thank you very much for information!

So for now the best way will be to setup a separate samba4 with another 
realm and sync realm with ipa-winsync. Is the latter known to work in 
this combination?

Best regards,

Konstantin

> Thanks
> Dmitri
> 
> __________ NOD32 3688 (20081212) Information __________
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
> 
>