On Thu, Nov 4, 2021, 3:37 PM David Mulder via samba <samba at
lists.samba.org>
wrote:
>
>
> On 11/3/21 7:45 AM, Cyrus via samba wrote:
> > Thanks a lot. For this environment we have a 20/80 distribution, being
> 80%
> > Linux servers, workstations & kiosks.
> >
> > Windows is indeed limited to some limited administrative user group
> (higher
> > management & accounting department).
> >
> > I'm find with the dual realm, with all the users on one side &
trust
> > between both parties.
> >
> > Probably it makes sense to go dual setup in this case. Sudoers &
HBAC
> feel
> > more convenient with FreeIPAs WGUI/CLI.
>
> Samba sudoers and hbac are deployed via either `samba-tool gpo` command
> or Windows RSAT. It's no less convenient than the FreeIPA tools.
>
There is a reason I mentioned that this depends on the relationship between
how many Linux (in reality 'unixy' OSs) vs Windows you have. If you are
mainly a Linux shop with a few Windows, the need to use a Windows client
for some management functions is definitely an inconvenience. Nothing more
convenient that a browser GUI.
Don't get me wrong, I understand that reason for the lack of open GUIs to
manage Samba AD is a community issue, mainly contributions. Ah! And having
to reverse engineer MS protocols and file formats.
> --
> *David Mulder*
> Labs Software Engineer, Samba
> SUSE
> 1800 Novell Place
> Provo, UT 84606
> (P)+1 801.861.6571
> dmulder at suse.com
> <http://www.suse.com/>
>
>
>
>