[Freeipa-users] Some interrogations about the freeipa deployment

Alexander Bokovoy abokovoy at redhat.com
Wed Jan 23 10:20:41 UTC 2013


On Tue, 22 Jan 2013, Bob Sauvage wrote:
>Hi *,
>
> I plan to review the network architecture of my office. 10
> Windows/Linux desktops and 2 Linux servers will be deployed on the
> network.
>
> I want to install freeipa on the first server to act like an AD DS. I
Just to make sure we are using the same terms, are you talking about Active
Directory Directory Service or Active Directory Domain Controller?

The latter mode (being an AD DC for Windows clients) is not supported by
FreeIPA v3.0/3.1.

The former mode is supported to the level of Kerberos authentication.
You would be able to configure MIT Kerberos for Windows to authenticate
against FreeIPA and use those tickets against Linux resources.
However, Windows servers will not be able to provide authenticated
access using those tickets since they would not be able to assign access
rights to any FreeIPA user due to missing identity information as
required by Windows. You could get around the issue by manually
mapping appropriate Kerberos identities to local Windows users on each
machine.

-- 
/ Alexander Bokovoy



