On Thu, 20 Feb 2014, Dmitri Pal wrote:
On 02/20/2014 05:55 AM, Alexander Bokovoy wrote:
On Thu, 20 Feb 2014, Jan Pazdziora wrote:
On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote:
I want to summarize our position regarding joining Windows
systems into IPA.
1) If you already have AD we recommend using this system with AD and
using trusts between AD and IPA.
2) If you do not have AD then use Samba 4 instead of it. It would be
great when Samba 4 grows capability to establish trusts. Right now
it can't but there is an effort going on. If you are interested -
3) If neither of the two options work for you you can configure
Windows system to work directly with IPA as described on the wiki.
It is an option of last resort because IPA does not provide the
services windows client expects. If this is good enough for you,
fine by us.
4) Build a native Windows client (cred provider) for IPA using
latest Kerberos. IMO this would be really useful if someone does
that because we will not build this ourselves. With the native OTP
support in IPA it becomes a real business opportunity to provide a
native 2FA inside enterprise across multiple platforms. But please
do it open source way otherwise we would not recommend you ;-)
Would it makes sense to make this into a freeipa.org wiki page?
Yes, to the 'last resort' page, I think.
/ Alexander Bokovoy
Freeipa-users mailing list