[Freeipa-users] samba4 and freeipa
Dmitri Pal
dpal at redhat.com
Mon Dec 22 17:28:15 UTC 2008
Kozlov wrote:
> Dmitri Pal пишет:
>> Konstantin Kozlov wrote:
>>> Hello,
>>>
>>> Did anybody try to integrate samba4 and freeipa?
>>>
>>> Does samba4 work with directory server and kerberos from freeipa
>>> installation? Or ipa-winsync is a better solution?
>>>
>>> Is there any code maybe in alpha stage for such integration?
>>>
>>> Best regards,
>>>
>> This is something we plan to do down the road but in distant future.
>> We are investigating possible architectures. One of them is having
>> IPA and Samba share the same DS and Kerberos.
>> There are several obstacles on this path. Samba 4 and IPA tree
>> structures are very different.
>> Samba follows the AD tree structure. So there should be some kind of
>> remapping. We are thinking that Penrose can be the answer but we did
>> not have time to try it yet.
>> The second part is Kerberos. Samba 4 uses Heimdal implementation
>> while we use MIT.
>> Heimdal is a bit more advanced in features at the moment and Samba 4
>> takes advantage of it but MIT is building the same set of features so
>> they should become feature aligned soon.
>> Once we start talking about alternatives that do not share the same
>> data store some sort of sync would be required.
>> ipa-winsync is the answer for now. But there might be others.
>>
>> So to summarize the AD/Samba/IPA integration is a complex issue.
>> ipa-winsync is what we have so far but we are working in this direction.
>> Solution is not anticipated in IPA v2, at best v3, so some time late
>> 2010 early 2011, may be even later.
>>
>
> Thank you very much for information!
>
> So for now the best way will be to setup a separate samba4 with
> another realm and sync realm with ipa-winsync. Is the latter known to
> work in this combination?
I am not sure anyone tried it so far.
>
> Best regards,
>
> Konstantin
>
>> Thanks
>> Dmitri
>>
>> __________ NOD32 3688 (20081212) Information __________
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.eset.com
>>
>>
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list