[Freeipa-users] FreeIPA integrating samba4 + AD
Christovam Paynes Silva
christovamps at gmail.com
Thu Sep 12 03:27:47 UTC 2013
2013/9/11 Dmitri Pal <dpal at redhat.com>
> On 09/11/2013 04:02 PM, Christovam Paynes Silva wrote:
>
> It is a pity!
> Thank you!
>
>
>
>
> I did not get a feeling that we understand the whole picture correctly to
> say that we provided the full answer..
>
> What I get from the description:
> 1) Presence of Windows Clients = 100
>
Correct!
> 2) Presence of AD to rule them
>
Correct!
3) Presence of users (I deduce in AD too, but unclear) = 1000
>
Correct! Users are wirelessly. Use windows and linux without domain.
> Intent: use open source technologies instead of proprietary solution.
>
That's right!
>
> What is not clear:
> a) Are the users that come through the portal the same users that use
> Windows Clients or not? Is there an overlap?
>
Users are via wireless. Authenticate users on a "captive portal" with
Squid. Customers are windows, linux and without domain.
> b) Is there any kind of Linux servers/machines in the picture?
>
This question was not clear to me.
>
> If you do not have Linux systems and all users can be stored in one place
> it might be that you do not need FreeIPA. It might be that you can solve
> the problem by using Samba4 instead of AD, connecting your clients to it,
> putting your external portal users into a special OU in Samba4, configuring
> FreeRADIUS to use this OU for authentication. Configure your portal to use
> RADIUS.
>
Sorry, I may not have understood the concept of FreeIPA.
I would like to continue using the AD, because of Group Policy Objects
(GPO).
It has the ability to authenticate email services, applications, among
others directly in Samba4?
>
> HTH
>
> Thanks
> Dmitri
>
>
>
>
>
> 2013/9/11 Simo Sorce <simo at redhat.com>
>
>> On Wed, 2013-09-11 at 16:37 -0300, Christovam Paynes Silva wrote:
>> > Hello Simo, thanks for the feedback.
>> > I would use the Samba4 with AD and authenticate my clients windows in
>> > FreeIPA.
>> > Is this possible?
>>
>> It is not possible at this point to combine Samba4 AD and freeIPA.
>>
>> Simo.
>> >
>> > 2013/9/11 Simo Sorce <simo at redhat.com>
>> > On Wed, 2013-09-11 at 14:06 -0300, Christovam Paynes Silva
>> > wrote:
>> > > Hello!
>> > >
>> > >
>> > > First I apologize if this topic is redundant.
>> > >
>> > >
>> > > I'm looking on the implementation of FreeIPA . Looking for
>> > the
>> > > forums , have some comments that authentication does not
>> > work with
>> > > Samba4 . Elsewhere say that that possibility exists . Today
>> > we have
>> > > nearly 200 computers in the domain with the "Active
>> > Directory" and one
>> > > wireless "captive portal" with 1000 + proxy users .
>> > >
>> > > I would like to see if the following scenario is possible :
>> > > 1 - Integrating Samba4 with "Active Directory" , to use
>> > their GPO and
>> > > authenticate network users through the FreeIPA .
>> > > 2 - Authenticate proxy servers in FreeIPA .
>> > > 3 - And if it is possible some integration with FreeRADIUS
>> > >
>> >
>> >
>> > Hi Christovam, it is a bit unclear what you mean by
>> > integrating here.
>> >
>> > Is your intent to use Samba4 as an AD domain controller for
>> > your Windows
>> > client s and IPA for your servers ?
>> >
>> > If that's the case unfortunately this is not possible at the
>> > moment as
>> > samba4 does not yet support Forest level trusts.
>> > A Microsoft AD server can be used this way instead.
>> >
>> > Simo.
>> >
>> > --
>> > Simo Sorce * Red Hat, Inc * New York
>> >
>> >
>> >
>>
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130912/6cfe0418/attachment.htm>
More information about the Freeipa-users
mailing list