[Freeipa-users] IPA, Samba and AD

Fred van Zwieten fvzwieten at vxcompany.com
Sat Sep 21 19:07:26 UTC 2013 

Hold on. This has, in principle, nothing to do with FreeIPA. I have a SAMBA
server that I make a NT-4 style PDC en build a trust with an AD domain. The
only thing is that the SAMBA service runs on a server that is an
IPA-client. In this setup the system is member of IPA and the SAMBA service
running on it is member of it's own NT-4 Domain. Afaik NT-4 style domains
do nothing with kerberos nor with DNS. So, no name clashes.

Correct?


Met vriendelijke groeten,
*
Fred van Zwieten
*
*Enterprise Open Source Services*
*
Consultant*
*(woensdags afwezig)*

*VX Company IT Services B.V.*
*T* (035) 539 09 50 mobiel (06) 41 68 28 48
*F* (035) 539 09 08
*E* fvzwieten at vxcompany.com
*I*  www.vxcompany.com

Seeing, contrary to popular wisdom, isn’t believing. It’s where belief
stops, because it isn’t needed any more.. (Terry Pratchett)


On Sat, Sep 21, 2013 at 11:51 AM, Alexander Bokovoy <abokovoy at redhat.com>wrote:

> On Sat, 21 Sep 2013, Fred van Zwieten wrote:
> >OK,
> >
> >I know this is an old thread, but I just got a new idea.
> >
> >What if I create a NT4 style domain on our SAMBA servers, So I have a
> Samba
> >NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
> >way, I don't use kerberos nor DNS SRV records, both of which are needed if
> >I would go the AD route. But now, users from the AD domain can access
> Samba
> >shares.
> >
> >Correct?
> This is not supported yet. We only now working on making subdomains of
> an AD trust supported in FreeIPA 3.4. However, that only includes normal
> Kerberos-based domains since the whole trust story is around Kerbreros
> trust.
>
> Samba work on full trust support is on roadmap --
> https://wiki.samba.org/index.php/Samba_Next_Goals#Trust_support but
> there is quite a lot work to acomplish all needed goals.
>
> Once that part is done, Samba AD domains will be supporting cross-forest
> trusts and therefore will work with FreeIPA out of the box.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130921/f650113a/attachment.htm>

More information about the Freeipa-users mailing list