[Freeipa-users] FreeIPA integrating samba4 + AD

Dmitri Pal dpal at redhat.com
Wed Sep 11 21:21:32 UTC 2013


On 09/11/2013 04:02 PM, Christovam Paynes Silva wrote:
> It is a pity!
> Thank you!



I did not get a feeling that we understand the whole picture correctly
to say that we provided the full answer.

What I get from the description:
1) Presence of Windows Clients = 100
2) Presence of AD to rule them
3) Presence of users (I deduce in AD too, but unclear) = 1000

Intent: use open source technologies instead of a proprietary solution.

What is not clear:
a) Are the users that come through the portal the same users that use
Windows Clients or not? Is there an overlap?
b) Is there any kind of Linux servers/machines in the picture?

If you do not have Linux systems and all users can be stored in one
place it might be that you do not need FreeIPA. It might be that you can
solve the problem by using Samba4 instead of AD, connecting your clients
to it, putting your external portal users into a special OU in Samba4,
configuring FreeRADIUS to use this OU for authentication. Configure your
portal to use RADIUS.

HTH

Thanks
Dmitri



>
>
> 2013/9/11 Simo Sorce <simo at redhat.com>
>
>     On Wed, 2013-09-11 at 16:37 -0300, Christovam Paynes Silva wrote:
>     > Hello Simo, thanks for the feedback.
>     > I would use the Samba4 with AD and authenticate my clients windows in
>     > FreeIPA.
>     > Is this possible?
>
>     It is not possible at this point to combine Samba4 AD and freeIPA.
>
>     Simo.
>     >
>     > 2013/9/11 Simo Sorce <simo at redhat.com>
>     >         On Wed, 2013-09-11 at 14:06 -0300, Christovam Paynes Silva wrote:
>     >         > Hello!
>     >         >
>     >         >
>     >         > First I apologize if this topic is redundant.
>     >         >
>     >         >
>     >         > I'm looking on the implementation of FreeIPA. Looking for the
>     >         > forums, have some comments that authentication does not work with
>     >         > Samba4. Elsewhere say that that possibility exists. Today we have
>     >         > nearly 200 computers in the domain with the "Active Directory" and one
>     >         > wireless "captive portal" with 1000+ proxy users.
>     >         >
>     >         > I would like to see if the following scenario is possible:
>     >         > 1 - Integrating Samba4 with "Active Directory", to use their GPO and
>     >         > authenticate network users through the FreeIPA.
>     >         > 2 - Authenticate proxy servers in FreeIPA.
>     >         > 3 - And if it is possible some integration with FreeRADIUS
>     >         >
>     >
>     >
>     >         Hi Christovam, it is a bit unclear what you mean by
>     >         integrating here.
>     >
>     >         Is your intent to use Samba4 as an AD domain controller for your
>     >         Windows clients and IPA for your servers?
>     >
>     >         If that's the case unfortunately this is not possible at the moment as
>     >         samba4 does not yet support Forest level trusts.
>     >         A Microsoft AD server can be used this way instead.
>     >
>     >         Simo.
>     >
>     >         --
>     >         Simo Sorce * Red Hat, Inc * New York
>     >
>     >
>     >
>
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

