On Wed, May 25, 2011 at 01:29:41PM -0800, Erinn Looney-Triggs wrote:
> On 05/25/2011 01:21 PM, Steven Jones wrote:
> > As far as I am aware Windows clients can only authenticate against ADs. So
> > if you need to authenticate Windows you need a password trust/sync setup
> > with AD and yes you need an AD as well as FreeIPA.
> No, Windows clients can auth against Kerberos realms directly and so
> should be able to auth against an IPA server as well. It is slightly
> complicated and difficult to manage but it can be done.
True, but that does not help with the clients fetching LDAP data.
I think the cross realm setup is a good idea if one wants to run Windows
clients and use SSO together with kerberized services on linux/unix:
- the Windows clients stay hooked up to an AD, so in a supported
- from following mailing lists I had the impression Microsoft seems to
  support the scenario
- the Linux/Unix servers can use the IPA and benefit from proper
  debugging tools, having their server OpenSourced etc.
Freeipa-users mailing list