On Wed, May 25, 2011 at 01:29:41PM -0800, Erinn Looney-Triggs wrote: > On 05/25/2011 01:21 PM, Steven Jones wrote: > > > > As far as I am aware Windows clients can only authenticate against ADs. So > > if you need to authenticate Windows you need a password trust/sync setup > > with AD and yes you need an AD as well as FreeIPA. > No Windows clients can auth against kerberos realms directly and so > should be able to auth again an IPA server as well. It is slightly > complicated and difficult to manage but it can be done.
True, but does not help with the clients fetching ldap data. I think the cross realm setup is a good idea if one wants to run Windows clients and use SSO together with kerberized services on linux/unix: - the windows clients stay hooked up to an AD, so in a supported environment - from following mailinglists I had the impression Microsoft seems to support the scenario - the linux/unix servers can use the IPA and benefit from proper de- bugging tools, having their server OpenSourced etc. Christian _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users