Jeff Sadowski
2016-Dec-02 15:28 UTC
[Samba] Future AD domain currently want FreeRadius Samba or FreeIPA?
My main home server runs Fedora 25. I have experimented in the past with an Ubuntu Samba AD domain controller (in a VM). Which was really cool because I could join Windows 10 Pro machines to it and assign GPOs just like my AD at work. Currently I'm looking into setting up a FreeRadius server. I want to eventually be able to have the same authentication across machines and wifi and the lot. And I'd like to set up machines using GPOs. It looks like Fedora is working on getting FreeIPA as the LDAP for AD Samba? Is this correct?

If I set up FreeIPA as my LDAP and connect my FreeRadius server to authenticate against it; would I then, in the not too distant future, be able to set up Samba to use it for an AD domain that I could set up GPOs for? Or would I be better off using my AD DC VM as my LDAP server?
Andrew Bartlett
2016-Dec-02 18:35 UTC
[Samba] Future AD domain currently want FreeRadius Samba or FreeIPA?
On Fri, 2016-12-02 at 08:28 -0700, Jeff Sadowski via samba wrote:
> My main home server runs Fedora 25. I have experimented in the past
> with an Ubuntu Samba AD domain controller (in a VM). Which was really
> cool because I could join Windows 10 Pro machines to it and assign
> GPOs just like my AD at work. Currently I'm looking into setting up a
> FreeRadius server. I want to eventually be able to have the same
> authentication across machines and wifi and the lot. And I'd like to
> set up machines using GPOs. It looks like Fedora is working on getting
> FreeIPA as the LDAP for AD Samba? Is this correct?
>
> If I set up FreeIPA as my LDAP and connect my FreeRadius server to
> authenticate against it; would I then, in the not too distant future,
> be able to set up Samba to use it for an AD domain that I could set up
> GPOs for?

No. Samba can't use another LDAP server as a backend, when acting as an AD DC. We may be able to trust it with an inter-forest trust, but that is a very different thing.

> Or would I be better off using my AD DC VM as my LDAP server?

I think so.

Andrew Bartlett