[Freeipa-users] FreeIPA integrating samba4 + AD

Christovam Paynes Silva christovamps at gmail.com
Thu Sep 12 03:27:47 UTC 2013


2013/9/11 Dmitri Pal <dpal at redhat.com>

>  On 09/11/2013 04:02 PM, Christovam Paynes Silva wrote:
>
>  It is a pity!
> Thank you!
>
>
>
>
> I did not get a feeling that we understand the whole picture correctly to
> say that we provided the full answer.
>
> What I get from the description:
> 1) Presence of Windows Clients = 100
>

Correct!


>  2) Presence of AD to rule them
>

Correct!

>  3) Presence of users (I deduce in AD too, but unclear) = 1000
>

Correct! Users are wireless. They use Windows and Linux without a domain.


>  Intent: use open source technologies instead of proprietary solution.
>

That's right!


>
> What is not clear:
> a) Are the users that come through the portal the same users that use
> Windows Clients or not? Is there an overlap?
>

Users come in via wireless. We authenticate users on a "captive portal" with
Squid. Customers are Windows, Linux and without a domain.


> b) Is there any kind of Linux servers/machines in the picture?
>

This question was not clear to me.


>
> If you do not have Linux systems and all users can be stored in one place
> it might be that you do not need FreeIPA. It might be that you can solve
> the problem by using Samba4 instead of AD, connecting your clients to it,
> putting your external portal users into a special OU in Samba4, configuring
> FreeRADIUS to use this OU for authentication. Configure your portal to use
> RADIUS.
>


Sorry, I may not have understood the concept of FreeIPA.

I would like to continue using the AD, because of Group Policy Objects
(GPO).
Does it have the ability to authenticate email services, applications, among
others, directly in Samba4?




>
> HTH
>
> Thanks
> Dmitri
>
>
>
>
>
> 2013/9/11 Simo Sorce <simo at redhat.com>
>
>> On Wed, 2013-09-11 at 16:37 -0300, Christovam Paynes Silva wrote:
>> > Hello Simo, thanks for the feedback.
>> > I would use Samba4 with AD and authenticate my Windows clients in
>> > FreeIPA.
>> > Is this possible?
>>
>>  It is not possible at this point to combine Samba4 AD and freeIPA.
>>
>> Simo.
>> >
>> > 2013/9/11 Simo Sorce <simo at redhat.com>
>> >         On Wed, 2013-09-11 at 14:06 -0300, Christovam Paynes Silva wrote:
>> >         > Hello!
>> >         >
>> >         > First I apologize if this topic is redundant.
>> >         >
>> >         > I'm looking into the implementation of FreeIPA. Looking through the
>> >         > forums, there are some comments that authentication does not work with
>> >         > Samba4. Elsewhere they say that that possibility exists. Today we have
>> >         > nearly 200 computers in the domain with the "Active Directory" and one
>> >         > wireless "captive portal" with 1000+ proxy users.
>> >         >
>> >         > I would like to see if the following scenario is possible:
>> >         > 1 - Integrating Samba4 with "Active Directory", to use their GPO and
>> >         > authenticate network users through the FreeIPA.
>> >         > 2 - Authenticate proxy servers in FreeIPA.
>> >         > 3 - And if it is possible some integration with FreeRADIUS
>> >         >
>> >
>> >
>> >         Hi Christovam, it is a bit unclear what you mean by integrating here.
>> >
>> >         Is your intent to use Samba4 as an AD domain controller for your Windows
>> >         clients and IPA for your servers?
>> >
>> >         If that's the case unfortunately this is not possible at the moment as
>> >         samba4 does not yet support Forest level trusts.
>> >         A Microsoft AD server can be used this way instead.
>> >
>> >         Simo.
>> >
>> >         --
>> >         Simo Sorce * Red Hat, Inc * New York
>> >
>> >
>> >
>>
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
>
>