On Mon, 2008-12-22 at 15:43 +0300, Konstantin Kozlov wrote:
> Hello,
> 
> I want to try Samba4 using a working FreeIPA setup as LDAP/Kerberos 
> backend. Did anybody try it already? Or are there some known issues 
> about such combination?

While there are some ideas about how Samba4 might bring Windows client
support to FreeIPA, this isn't something even remotely possible at this
time.

The particular sticking points are that Windows clients expect an
AD-like LDAP and Kerberos server, not MIT Kerberos and Fedora DS (with
FreeIPA schema).  Samba4 can happily provide these services, but then
the FreeIPA clients will see an AD LDAP server.

I suspect the long-term solution will be to have Samba4 provide the KDC
and the LDAP server, and have FreeIPA clients know to use the LDAP
server on another IP address or port.  (But I also know this proposed
solution will infuriate others).

The only part of this solution currently available is the LDAP backend,
which allows Samba4 to use an OpenLDAP or (less-well-supported) Fedora
DS server as a data store, using the AD schema.

Sorry,
Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.