On 11/3/21 7:07 AM, Cyrus via samba wrote:> Good morning,
>
> I'm in the need to implement an Identity service for a mixed
environment
> with Windows workstations & Linux systems with a common set of users.
>
> Would it be possible to implement Samba4 for the MS Windows realm and
> FreeIPA for the linux machines (where I expect to make use of HBAC &
> sudoers support)?.
Yes, it is possible, but you will not get a single realm, you will have
at least two and will need to setup cross realm trusts.
As another replies have stated, you can do much of what you need with
Samba alone.
Unless you Linux clients and servers outnumber your Windows
workstations, going with Samba AD alone is probably your best bet,
because you are already immersed on the Windows client world, you will
not have too much problem with having the need to use a Windows client
to manage some of Samba AD features.
On the other hand, if your fleet of machines is mainly Linux, like some
of my installations where Windows is restricted to some management or
special users that require it, while the other majority is full of OLTP
application users running Linux. I would go with the dual installation,
there are features that FreeIPA gives on these environments like an
integrated Certificate authority and automated certificate distribution
and renewal, that will requiredmanual integration on a Samba AD
installation.
>
> Would make sense to have all the users in Samba4 or the other way around
> (all users in FreeIPA).
>
> Any advice would be appreciated.
>
> Regards,
> CI.-
>