[Freeipa-users] About Windows client
Alexander Bokovoy
abokovoy at redhat.com
Thu Feb 20 10:55:07 UTC 2014
On Thu, 20 Feb 2014, Jan Pazdziora wrote:
>On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote:
>>
>> I want to summarize our position regarding joining Windows systems into IPA.
>>
>> 1) If you already have AD we recommend using this system with AD and
>> using trusts between AD and IPA.
>> 2) If you do not have AD then use Samba 4 instead of it. It would be
>> great when Samba 4 grows capability to establish trusts. Right now
>> it can't but there is an effort going on. If you are interested -
>> please contribute.
>> 3) If neither of the two options work for you you can configure
>> Windows system to work directly with IPA as described on the wiki.
>> It is an option of last resort because IPA does not provide the
>> services windows client expects. If this is good enough for you,
>> fine by us.
>> 4) Build a native Windows client (cred provider) for IPA using
>> latest Kerberos. IMO this would be really useful if someone does
>> that because we will not build this ourselves. With the native OTP
>> support in IPA it becomes a real business opportunity to provide a
>> native 2FA inside enterprise across multiple platforms. But please
>> do it open source way otherwise we would not recommend you ;-)
>
>Would it makes sense to make this into a freeipa.org wiki page?
Yes, to the 'last resort' page, I think.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list