I don't do a lot of work with Samba, other than fairly vanilla
implementations, but can comment on the IPA/FreeIPA that has been
included in the security cert. The issue I have IPA/FreeIPA is the only
distro that supports it is Fedora/Feroda and is largely unsupported in
the rest of them. Seems like a distro specific feature?

On 21/09/2016 06:11, Kenneth Peiruza wrote:
> Hi,
>
> Why do we have openldap on the same course as Samba?
>
> We lost t'he 'centralized auth' ldap part when LPIC 301 passed away.
>
> IMHO, FreeIPA would make a lot more sense in this de facto
> 'Centralized Authentication Services' LPIc rather than in LPIc 3 security.
>
> Regards,
>
>
>
> Sent from my Mi phone
> On Bryan Smith <b.j.sm...@ieee.org>, Sep 20, 2016 2:41 AM wrote:
>
>     Policies?  That's really a 100% Windows client aspect.
>
>     I don't see how it has anything to do with POSIX (UNIX/Linux), and
>     requires an entire discussion of Windows client assumptions, from the
>     NT Local Security Authority (LSA) on down.  Furthermore, on the AD
>     Forest side, even Samba4 has limited, AD Forest support and related
>     tree/domain delegation/trust.  Most of its limited support has been
>     hacked in from IPA contributions (long story).  It's really a topic
>     for Microsoft's dedicated policy and security exams in their tracks.
>
>     Again, it's a Windows aspect, because AD schema is only designed to
>     manage Windows schema.**  The only non-Windows, like POSIX, support
>     with Policy Objects are all costly, proprietary add-ons.  I haven't
>     seen a free one yet.  The free ones only provide similar functionality
>     to SSSD and, more legcy, Winbindd.  And even when it comes to basic
>     IETF 2307bis -- aka Identity Management for UNIX (IDMU), Microsoft has
>     announced they are no longer going to provide it with Windows 10.**
>
>     -- bjs
>
>     **P.S.  In-a-nutshell, Microsoft has all but agreed Red Hat has the
>     right idea by using IPA domains, keeping POSIX objects and schema
>     _away_ from AD, because AD admins don't install/use IDMU, much less
>     populate.  It's much easier to use AD Forest Trusts between AD domains
>     and IPA domains, with AD admins designating what AD resources external
>     IPA groups have access to, and vice-versa.
>
>     On Mon, Sep 19, 2016 at 8:11 PM, alexbm...@gmail.com
>     <mailto:alexbm...@gmail.com>
>     <alexbm...@gmail.com <mailto:alexbm...@gmail.com>> wrote:
>     > Gentlemen,
>     >
>     > It would be interesting to insert GPO referring to samba.
>     >
>     > To: Relevance of NT4 domains vs. AD domains.
>     >
>     >
>     >
>     >
>     >
>     >
>     > On 09/18/2016 01:07 PM, Bryan Smith wrote:
>     >
>     > Well, Samba 3 and Samba 4 aren't much different.  The protocol in
>     > Samba 4 is the same as Samba 3.
>     >
>     > Samba 4 introduces the DC option, but not all distros include it.
>     > E.g., Red Hat has gone the IPA route for AD Forest Trusts,
>     instead of
>     > allowing a Samba Server to be a DC in a native AD Forest.
>     >
>     >
>     > On Sun, Sep 18, 2016 at 9:17 AM, G. Matthew Rice
>     <m...@starnix.com <mailto:m...@starnix.com>> wrote:
>     >
>     > +1 for these changes...samba 3 should definitely go.
>     >
>     > I know there are a lot of samba3 installs still out there....but
>     there
>     > shouldn't be. :)
>     >
>     >
>     > On Sep 17, 2016 2:17 PM, "Fabian Thorns" <ftho...@lpi.org
>     <mailto:ftho...@lpi.org>> wrote:
>     >
>     > Dear all,
>     >
>     > taking a look at
>     >
>     >   https://wiki.lpi.org/wiki/LPIC-3_300_Objectives_V1
>     >
>     > You will notice that it's time to review the current LPIC-300
>     objectives
>     > to ensure they are still up to date. Therefore I'd like you all
>     to share
>     > your thoughts about our current objectives with the list,
>     including wishes
>     > what should be changed in the next update. We have however to
>     obey that it
>     > will be "minor update", so we can't fundamentally turn the while
>     exam
>     > around.
>     >
>     > Some things we should discuss from my point of view would be:
>     >
>     >  * Relevance of NT4 domains vs. AD domains
>     >  * Same for NBNS vs. DNS
>     >  * Shift from Samba 3 to Samba 4 (which shouldn't cause too much
>     trouble,
>     > though)
>     >
>     > However, I don't want to limit the discussion on these points.
>     Just go
>     > ahead and point out what you think. As usual, I will comment
>     when necessary
>     > and condense all the comments into a draft for potential updated
>     objectives
>     > which we will then review altogether again.
>     >
>     > Looking forward to an interesting discussion,
>     >
>     > Fabian
>     >
>     >
>     > _______________________________________________
>     > lpi-examdev mailing list
>     > lpi-examdev@lpi.org <mailto:lpi-examdev@lpi.org>
>     > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>     >
>     > _______________________________________________
>     > lpi-examdev mailing list
>     > lpi-examdev@lpi.org <mailto:lpi-examdev@lpi.org>
>     > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>     >
>     >
>     >
>     > --
>     > Alex Clemente
>     > 11 979919870
>     > a.clementesi...@uol.com.br <mailto:a.clementesi...@uol.com.br>
>     > alexbm...@gmail.com <mailto:alexbm...@gmail.com>
>     > Analista Linux e Unix
>     > Instrutor Linux e Open Source
>     > Alex Clemente
>     > 11 979919870
>     > a.clementesi...@uol.com.br <mailto:a.clementesi...@uol.com.br>
>     > alexbm...@gmail.com <mailto:alexbm...@gmail.com>
>     > Analista Linux e Unix
>     > Instrutor Linux e Open Source
>     > Linux+ – CompTIA Linux+ (Powered by LPI)
>     > SUSE CLA 11 – Certified Linux Administrator
>     > SUSE CLP 12 – Certified Linux Professional
>     > SUSE 11 Tech Espec – Technical Especialist
>     > LPIC-1 – Linux Professional Institute Certified Level 1
>     > LPIC-2 – Linux Professional Institute Certified Level 2
>     >
>     >
>     > _______________________________________________
>     > lpi-examdev mailing list
>     > lpi-examdev@lpi.org <mailto:lpi-examdev@lpi.org>
>     > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>
>     -- 
>
>     --
>     Bryan J Smith  -  http://www.linkedin.com/in/bjsmith
>     E-mail:  b.j.smith at ieee.org <http://ieee.org>  or  me at
>     bjsmith.me <http://bjsmith.me>
>     _______________________________________________
>     lpi-examdev mailing list
>     lpi-examdev@lpi.org <mailto:lpi-examdev@lpi.org>
>     http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>
>
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev@lpi.org
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev

-- 



--
Mark Clarke
📱  +2711-781 8014
�  www.JumpingBean.co.za
_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev

Reply via email to