Hold on. This has, in principle, nothing to do with FreeIPA. I have a SAMBA server that I make a NT-4 style PDC en build a trust with an AD domain. The only thing is that the SAMBA service runs on a server that is an IPA-client. In this setup the system is member of IPA and the SAMBA service running on it is member of it's own NT-4 Domain. Afaik NT-4 style domains do nothing with kerberos nor with DNS. So, no name clashes.
Correct? Met vriendelijke groeten, * Fred van Zwieten * *Enterprise Open Source Services* * Consultant* *(woensdags afwezig)* *VX Company IT Services B.V.* *T* (035) 539 09 50 mobiel (06) 41 68 28 48 *F* (035) 539 09 08 *E* [email protected] *I* www.vxcompany.com Seeing, contrary to popular wisdom, isn’t believing. It’s where belief stops, because it isn’t needed any more.. (Terry Pratchett) On Sat, Sep 21, 2013 at 11:51 AM, Alexander Bokovoy <[email protected]>wrote: > On Sat, 21 Sep 2013, Fred van Zwieten wrote: > >OK, > > > >I know this is an old thread, but I just got a new idea. > > > >What if I create a NT4 style domain on our SAMBA servers, So I have a > Samba > >NT4 style PDC. Then I create a NT4 style trust with the AD domain. This > >way, I don't use kerberos nor DNS SRV records, both of which are needed if > >I would go the AD route. But now, users from the AD domain can access > Samba > >shares. > > > >Correct? > This is not supported yet. We only now working on making subdomains of > an AD trust supported in FreeIPA 3.4. However, that only includes normal > Kerberos-based domains since the whole trust story is around Kerbreros > trust. > > Samba work on full trust support is on roadmap -- > https://wiki.samba.org/index.php/Samba_Next_Goals#Trust_support but > there is quite a lot work to acomplish all needed goals. > > Once that part is done, Samba AD domains will be supporting cross-forest > trusts and therefore will work with FreeIPA out of the box. > > -- > / Alexander Bokovoy >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
