Hold on. This has, in principle, nothing to do with FreeIPA. I have a SAMBA
server that I make a NT-4 style PDC en build a trust with an AD domain. The
only thing is that the SAMBA service runs on a server that is an
IPA-client. In this setup the system is member of IPA and the SAMBA service
running on it is member of it's own NT-4 Domain. Afaik NT-4 style domains
do nothing with kerberos nor with DNS. So, no name clashes.
Met vriendelijke groeten,
Fred van Zwieten
*Enterprise Open Source Services*
*VX Company IT Services B.V.*
*T* (035) 539 09 50 mobiel (06) 41 68 28 48
*F* (035) 539 09 08
Seeing, contrary to popular wisdom, isn’t believing. It’s where belief
stops, because it isn’t needed any more.. (Terry Pratchett)
On Sat, Sep 21, 2013 at 11:51 AM, Alexander Bokovoy <aboko...@redhat.com>wrote:
> On Sat, 21 Sep 2013, Fred van Zwieten wrote:
> >I know this is an old thread, but I just got a new idea.
> >What if I create a NT4 style domain on our SAMBA servers, So I have a
> >NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
> >way, I don't use kerberos nor DNS SRV records, both of which are needed if
> >I would go the AD route. But now, users from the AD domain can access
> This is not supported yet. We only now working on making subdomains of
> an AD trust supported in FreeIPA 3.4. However, that only includes normal
> Kerberos-based domains since the whole trust story is around Kerbreros
> Samba work on full trust support is on roadmap --
> https://wiki.samba.org/index.php/Samba_Next_Goals#Trust_support but
> there is quite a lot work to acomplish all needed goals.
> Once that part is done, Samba AD domains will be supporting cross-forest
> trusts and therefore will work with FreeIPA out of the box.
> / Alexander Bokovoy
Freeipa-users mailing list