[Freeipa-users] samba4 and freeipa

Dmitri Pal dpal at redhat.com
Mon Dec 22 17:28:15 UTC 2008


Kozlov wrote:
> Dmitri Pal wrote:
>> Konstantin Kozlov wrote:
>>> Hello,
>>>
>>> Did anybody try to integrate samba4 and freeipa?
>>>
>>> Does samba4 work with directory server and kerberos from freeipa 
>>> installation? Or ipa-winsync is a better solution?
>>>
>>> Is there any code maybe in alpha stage for such integration?
>>>
>>> Best regards,
>>>
>> This is something we plan to do down the road but in the distant future.
>> We are investigating possible architectures. One of them is having 
>> IPA and Samba share the same DS and Kerberos.
>> There are several obstacles on this path. Samba 4 and IPA tree 
>> structures are very different.
>> Samba follows the AD tree structure. So there should be some kind of 
>> remapping. We are thinking that Penrose can be the answer but we did 
>> not have time to try it yet.
>> The second part is Kerberos. Samba 4 uses the Heimdal implementation 
>> while we use MIT.
>> Heimdal is a bit more advanced in features at the moment and Samba 4 
>> takes advantage of it but MIT is building the same set of features so 
>> they should become feature aligned soon.
>> Once we start talking about alternatives that do not share the same 
>> data store, some sort of sync would be required.
>> ipa-winsync is the answer for now. But there might be others.
>>
>> So to summarize, the AD/Samba/IPA integration is a complex issue. 
>> ipa-winsync is what we have so far but we are working in this direction.
>> A solution is not anticipated in IPA v2, at best v3, so some time late 
>> 2010 early 2011, maybe even later.
>>
>
> Thank you very much for the information!
>
> So for now the best way will be to set up a separate samba4 with 
> another realm and sync the realm with ipa-winsync. Is the latter known to 
> work in this combination?


I am not sure anyone tried it so far.



>
> Best regards,
>
> Konstantin
>
>> Thanks
>> Dmitri