On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote: > > I want to summarize our position regarding joining Windows systems into IPA. > > 1) If you already have AD we recommend using this system with AD and > using trusts between AD and IPA. > 2) If you do not have AD then use Samba 4 instead of it. It would be > great when Samba 4 grows capability to establish trusts. Right now > it can't but there is an effort going on. If you are interested - > please contribute. > 3) If neither of the two options work for you you can configure > Windows system to work directly with IPA as described on the wiki. > It is an option of last resort because IPA does not provide the > services windows client expects. If this is good enough for you, > fine by us. > 4) Build a native Windows client (cred provider) for IPA using > latest Kerberos. IMO this would be really useful if someone does > that because we will not build this ourselves. With the native OTP > support in IPA it becomes a real business opportunity to provide a > native 2FA inside enterprise across multiple platforms. But please > do it open source way otherwise we would not recommend you ;-)
Would it makes sense to make this into a freeipa.org wiki page? -- Jan Pazdziora Principal Software Engineer, Identity Management Engineering, Red Hat _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
