On Thu, 06 Aug 2015, Christopher Lamb wrote:
Hi Matt

As far as I can make out, there are at least 2 viable Samba / FreeIPA
integration paths.

The route I took is suited where there is no Active Directory involved: In
my case all the Windows, OSX and Linux clients are islands that sit on the
same network.

The route that Youenn has taken (unless I have got completely the wrong end
of the stick) requires Active Directory in the architecture.
Yes, you are at the wrong end of the stick. You don't need AD in the
architecture here. You can reuse IPA design for AD integration via trust
for normal Samba integration but use ipasam.so instead of ldapsam.so.
This is what Youenn did. The only way we don't support it (yet) is
because we think doing a longer term solution via SSSD and NTLMSSP
support is better scalability vise -- your SSSD client is already having
LDAP connection and is already holding identity mappings in the cache so
there is no need to run separate LDAP connection in smbd/winbindd for
that and cache the same data in a different way.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to