[Freeipa-users] About Windows client
Alexander Bokovoy
abokovoy at redhat.com
Thu Feb 20 15:17:27 UTC 2014
On Thu, 20 Feb 2014, Dmitri Pal wrote:
>On 02/20/2014 05:55 AM, Alexander Bokovoy wrote:
>>On Thu, 20 Feb 2014, Jan Pazdziora wrote:
>>>On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote:
>>>>
>>>>I want to summarize our position regarding joining Windows
>>>>systems into IPA.
>>>>
>>>>1) If you already have AD we recommend using this system with AD and
>>>>using trusts between AD and IPA.
>>>>2) If you do not have AD then use Samba 4 instead of it. It would be
>>>>great when Samba 4 grows capability to establish trusts. Right now
>>>>it can't but there is an effort going on. If you are interested -
>>>>please contribute.
>>>>3) If neither of the two options work for you you can configure
>>>>Windows system to work directly with IPA as described on the wiki.
>>>>It is an option of last resort because IPA does not provide the
>>>>services windows client expects. If this is good enough for you,
>>>>fine by us.
>>>>4) Build a native Windows client (cred provider) for IPA using
>>>>latest Kerberos. IMO this would be really useful if someone does
>>>>that because we will not build this ourselves. With the native OTP
>>>>support in IPA it becomes a real business opportunity to provide a
>>>>native 2FA inside enterprise across multiple platforms. But please
>>>>do it open source way otherwise we would not recommend you ;-)
>>>
>>>Would it makes sense to make this into a freeipa.org wiki page?
>>Yes, to the 'last resort' page, I think.
>>
>Any volunteers?
Done.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list