[Freeipa-users] IPA, Samba and AD
Alexander Bokovoy
abokovoy at redhat.com
Sat Sep 21 09:51:30 UTC 2013
On Sat, 21 Sep 2013, Fred van Zwieten wrote:
>OK,
>
>I know this is an old thread, but I just got a new idea.
>
>What if I create a NT4 style domain on our SAMBA servers, So I have a Samba
>NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
>way, I don't use kerberos nor DNS SRV records, both of which are needed if
>I would go the AD route. But now, users from the AD domain can access Samba
>shares.
>
>Correct?
This is not supported yet. We only now working on making subdomains of
an AD trust supported in FreeIPA 3.4. However, that only includes normal
Kerberos-based domains since the whole trust story is around Kerbreros
trust.
Samba work on full trust support is on roadmap --
https://wiki.samba.org/index.php/Samba_Next_Goals#Trust_support but
there is quite a lot work to acomplish all needed goals.
Once that part is done, Samba AD domains will be supporting cross-forest
trusts and therefore will work with FreeIPA out of the box.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list