On Sat, 21 Sep 2013, Fred van Zwieten wrote:
OK,
I know this is an old thread, but I just got a new idea.
What if I create a NT4 style domain on our SAMBA servers, So I have a Samba
NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
way, I don't use kerberos nor DNS SRV records, both of which are needed if
I would go the AD route. But now, users from the AD domain can access Samba
shares.
Correct?
This is not supported yet. We only now working on making subdomains of
an AD trust supported in FreeIPA 3.4. However, that only includes normal
Kerberos-based domains since the whole trust story is around Kerbreros
trust.
Samba work on full trust support is on roadmap --
https://wiki.samba.org/index.php/Samba_Next_Goals#Trust_support but
there is quite a lot work to acomplish all needed goals.
Once that part is done, Samba AD domains will be supporting cross-forest
trusts and therefore will work with FreeIPA out of the box.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
