On Mon, 2012-12-17 at 22:48 -0500, William Muriithi wrote: > > > I know this may be a loaded question, but I am asking it anyways. > > > > > > > > > Can anyone tell me what the current status and future plan for > IPA / > > > Samba 4 is? > > > > We plan to support setting up trusts with Samba4 just like we do > with AD > > when Samba4 will start supporting Cross-forest trusts. It currently > > doesn't. > > > > Simo. > > > Yes, its amazing samba4 has finally gone GA. Plan to set up an > instance as a backup AD to existing AD some day when I get some time. > Not well documented though, wish there was well writen book on it. > Anyway backup AD would be the best way to set some experience I am > assuming > > A related question, would there be any need to have a replica when > using trust if the AD is just one instance? What I am asking in > another way is, if the AD fail, wouldn't the FreeIPA fail to > authenticate users till AD issues are fixed?
It depends on the case. In general the answer would be yes, however. - if you already have a cross-realm TGT you should still be able to access all IPA services as the AD KDC is not required until a renew is necessary. - if you do password based logins then sssd may cache offline credentials and still let you in (but you will not have a TGT, so you may not use kerberized services). Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users