[Freeipa-users] About Windows client
Dmitri Pal
dpal at redhat.com
Thu Feb 20 15:08:50 UTC 2014
On 02/20/2014 05:55 AM, Alexander Bokovoy wrote:
> On Thu, 20 Feb 2014, Jan Pazdziora wrote:
>> On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote:
>>>
>>> I want to summarize our position regarding joining Windows systems
>>> into IPA.
>>>
>>> 1) If you already have AD we recommend using this system with AD and
>>> using trusts between AD and IPA.
>>> 2) If you do not have AD then use Samba 4 instead of it. It would be
>>> great when Samba 4 grows capability to establish trusts. Right now
>>> it can't but there is an effort going on. If you are interested -
>>> please contribute.
>>> 3) If neither of the two options work for you you can configure
>>> Windows system to work directly with IPA as described on the wiki.
>>> It is an option of last resort because IPA does not provide the
>>> services windows client expects. If this is good enough for you,
>>> fine by us.
>>> 4) Build a native Windows client (cred provider) for IPA using
>>> latest Kerberos. IMO this would be really useful if someone does
>>> that because we will not build this ourselves. With the native OTP
>>> support in IPA it becomes a real business opportunity to provide a
>>> native 2FA inside enterprise across multiple platforms. But please
>>> do it open source way otherwise we would not recommend you ;-)
>>
>> Would it makes sense to make this into a freeipa.org wiki page?
> Yes, to the 'last resort' page, I think.
>
Any volunteers?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list