[Freeipa-users] FreeIPA as domain controller?
Alexander Bokovoy
abokovoy at redhat.com
Mon Oct 17 10:14:10 UTC 2016
On ma, 17 loka 2016, Brian Candler wrote:
>Sorry if this is a frequently asked question, but it's not easy to
>find a simple answer.
>
>* Can I use FreeIPA (v4) as a domain controller for Windows machines
>to join?
No.
>* If not, what's the recommended free/open solution? Would it be to
>set up a Samba4 domain controller, and then set up cross-realm trust
>between FreeIPA and Samba4?
Yes.
We are not yet at the point you could use IPA-hosted identities to login
to Windows machines joined to AD, though, regardless which AD
implementation it is.
>(That is: assuming I want central AAA for both Linux boxes and Windows
>boxes)
>
>Things I found:
>
>* http://www.freeipa.org/page/About
>
>... but it only mentions FreeIPA v2 and v3
>
>* https://sambaxp.org/archive_data/SambaXP2016-SLIDES/thu/track2/sambaxp2016-thu-track2-Alexander_Bokovoy-Andreas_Schneider-SambaAndFreeIPAAnUpdateOnActiveDirectoryIntegration.pdf
>
>... report on work-in-progress. It does say:
>
>" FreeIPA Domain Controller is unlike Samba AD → Windows cannot be
>joined to FreeIPA". But it's not clear if this is an eventual goal,
>or whether it's likely to remain this way.
Eventual goal is to allow IPA-hosted identities to be used to login to
Windows machines joined to Samba AD.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list