Hi,

Why do we have openldap on the same course as Samba?

We lost t'he 'centralized auth' ldap part when LPIC 301 passed away.

IMHO, FreeIPA would make a lot more sense in this de facto 'Centralized Authentication Services' LPIc rather than in LPIc 3 security.

Regards,



Sent from my Mi phone
On Bryan Smith <b.j.sm...@ieee.org>, Sep 20, 2016 2:41 AM wrote:

Policies?  That's really a 100% Windows client aspect.

I don't see how it has anything to do with POSIX (UNIX/Linux), and
requires an entire discussion of Windows client assumptions, from the
NT Local Security Authority (LSA) on down.  Furthermore, on the AD
Forest side, even Samba4 has limited, AD Forest support and related
tree/domain delegation/trust.  Most of its limited support has been
hacked in from IPA contributions (long story).  It's really a topic
for Microsoft's dedicated policy and security exams in their tracks.

Again, it's a Windows aspect, because AD schema is only designed to
manage Windows schema.**  The only non-Windows, like POSIX, support
with Policy Objects are all costly, proprietary add-ons.  I haven't
seen a free one yet.  The free ones only provide similar functionality
to SSSD and, more legcy, Winbindd.  And even when it comes to basic
IETF 2307bis -- aka Identity Management for UNIX (IDMU), Microsoft has
announced they are no longer going to provide it with Windows 10.**

-- bjs

**P.S.  In-a-nutshell, Microsoft has all but agreed Red Hat has the
right idea by using IPA domains, keeping POSIX objects and schema
_away_ from AD, because AD admins don't install/use IDMU, much less
populate.  It's much easier to use AD Forest Trusts between AD domains
and IPA domains, with AD admins designating what AD resources external
IPA groups have access to, and vice-versa.

On Mon, Sep 19, 2016 at 8:11 PM, alexbm...@gmail.com
<alexbm...@gmail.com> wrote:
> Gentlemen,
>
> It would be interesting to insert GPO referring to samba.
>
> To: Relevance of NT4 domains vs. AD domains.
>
>
>
>
>
>
> On 09/18/2016 01:07 PM, Bryan Smith wrote:
>
> Well, Samba 3 and Samba 4 aren't much different.  The protocol in
> Samba 4 is the same as Samba 3.
>
> Samba 4 introduces the DC option, but not all distros include it.
> E.g., Red Hat has gone the IPA route for AD Forest Trusts, instead of
> allowing a Samba Server to be a DC in a native AD Forest.
>
>
> On Sun, Sep 18, 2016 at 9:17 AM, G. Matthew Rice <m...@starnix.com> wrote:
>
> +1 for these changes...samba 3 should definitely go.
>
> I know there are a lot of samba3 installs still out there....but there
> shouldn't be. :)
>
>
> On Sep 17, 2016 2:17 PM, "Fabian Thorns" <ftho...@lpi.org> wrote:
>
> Dear all,
>
> taking a look at
>
>   https://wiki.lpi.org/wiki/LPIC-3_300_Objectives_V1
>
> You will notice that it's time to review the current LPIC-300 objectives
> to ensure they are still up to date. Therefore I'd like you all to share
> your thoughts about our current objectives with the list, including wishes
> what should be changed in the next update. We have however to obey that it
> will be "minor update", so we can't fundamentally turn the while exam
> around.
>
> Some things we should discuss from my point of view would be:
>
>  * Relevance of NT4 domains vs. AD domains
>  * Same for NBNS vs. DNS
>  * Shift from Samba 3 to Samba 4 (which shouldn't cause too much trouble,
> though)
>
> However, I don't want to limit the discussion on these points. Just go
> ahead and point out what you think. As usual, I will comment when necessary
> and condense all the comments into a draft for potential updated objectives
> which we will then review altogether again.
>
> Looking forward to an interesting discussion,
>
> Fabian
>
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev@lpi.org
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev@lpi.org
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>
>
>
> --
> Alex Clemente
> 11 979919870
> a.clementesi...@uol.com.br
> alexbm...@gmail.com
> Analista Linux e Unix
> Instrutor Linux e Open Source
> Alex Clemente
> 11 979919870
> a.clementesi...@uol.com.br
> alexbm...@gmail.com
> Analista Linux e Unix
> Instrutor Linux e Open Source
> Linux+ – CompTIA Linux+ (Powered by LPI)
> SUSE CLA 11 – Certified Linux Administrator
> SUSE CLP 12 – Certified Linux Professional
> SUSE 11 Tech Espec – Technical Especialist
> LPIC-1 – Linux Professional Institute Certified Level 1
> LPIC-2 – Linux Professional Institute Certified Level 2
>
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev@lpi.org
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev

--

--
Bryan J Smith  -  http://www.linkedin.com/in/bjsmith
E-mail:  b.j.smith at ieee.org  or  me at bjsmith.me
_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev

_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev

Reply via email to