On Mon, 2012-12-17 at 22:48 -0500, William Muriithi wrote:
> > > I know this may be a loaded question, but I am asking it anyways.
> > >
> > >
> > > Can anyone tell me what the current status and future plan for
> IPA /
> > > Samba 4 is?
> >
> > We plan to support setting up trusts with Samba4 just like we do
> with AD
> > when Samba4 will start supporting Cross-forest trusts. It currently
> > doesn't.
> >
> > Simo.
> >
> Yes, its amazing samba4 has finally gone GA. Plan to set up an
> instance as a backup AD to existing AD some day when I get some time.
> Not well documented though,  wish there was well writen book on it.
> Anyway backup AD would be the best way to set some experience I am
> assuming 
> A related question, would there be any need to have a replica when
> using trust if the AD is just one instance?  What I am asking in
> another way is, if the AD fail, wouldn't the FreeIPA fail to
> authenticate users till AD issues are fixed?

It depends on the case.

In general the answer would be yes, however.
- if you already have a cross-realm TGT you should still be able to
access all IPA services as the AD KDC is not required until a renew is
- if you do password based logins then sssd may cache offline
credentials and still let you in (but you will not have a TGT, so you
may not use kerberized services).


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to