[Freeipa-users] freeipa-samba integration and windows clients

Dylan Evans devans01 at gmail.com
Wed May 13 15:16:24 UTC 2015


Hi Dmitri & Jakub,

Yes, for us it is the use case. Non-domain logins / NTLMSSP support in SSSD
is the final component we seem to need to allow Windows clients from a
non-trusted AD domain to access Samba shares using a username and
password combination, without having to use Kerberos.

IPA and SSSD is a phenomenal body of work that has huge potential, all
your work is much appreciated.

Thanks, Dylan.

On 12 May 2015 at 17:47, Dmitri Pal <dpal at redhat.com> wrote:
> On 05/12/2015 07:03 AM, Dylan Evans wrote:
>>
>> Hi Jakub,
>>
>> It's good to know it's going to happen, let's hope it gets into 1.13
>> and everyone has a very productive summer!
>>
>> I've been watching IPA for a couple of years and this is the last
>> thing that's preventing it from being implemented in our production
>> environment.
>
>
> So is this use case the main reason for needing NTLMSSP support, or are there
> some other use cases that drive this requirement?
> Can you please share them?
>
>
>> Thanks,
>>
>> Dylan.
>>
>> On 11 May 2015 at 20:42, John Obaterspok <john.obaterspok at gmail.com> wrote:
>>>
>>> I have about the same setup:
>>>
>>> This is the setup (everything is up-to-date):
>>> - ipa-server: F21, ipa-server 4.1, samba 4.1
>>> - win-client: Windows 7 Home Premium
>>>
>>> I tried to enroll the win-client in the domain but failed on the windows
>>> side due to home editions not being able to join a domain.
>>> But I can still access shares from the win-client by user/pwd
>>>
>>> The only difference in my setup is that I use samba server on the
>>> ipa-server itself.
>>>
>>> -- john
>>>
>>> 2015-05-10 19:02 GMT+02:00 Jakub Hrozek <jhrozek at redhat.com>:
>>>>
>>>> On Thu, May 07, 2015 at 03:30:06PM +0100, Dylan Evans wrote:
>>>>>
>>>>> By coincidence I posted a very similar question yesterday -
>>>>> https://www.redhat.com/archives/freeipa-users/2015-May/msg00103.html.
>>>>>
>>>>> +1 for the necessary support for out-of-domain Windows clients and
>>>>> NTLMSSP.
>>>>>
>>>>> Is there a time-table for this?
>>>>
>>>> It is a nice-to-have feature for the next SSSD version (1.13, this
>>>> summer), but my hopes are not high that we're going to make it. I
>>>> think 1.14 is more realistic.
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Director of Engineering for IdM portfolio
> Red Hat, Inc.



