[Freeipa-devel] Mixed environment - MS and NIX

[Dmitri Pal]

Hi Christoffer,

There are different options you have.
You can use Samba 3 to make the UNIX/Linux machines authenticate against AD.
You can use pure FDS as your Linux IDM but IPA is definitely better 
suited for this purpose.
FreeIPA 1.2.1 has the AD synch functionality. I would suggest you 
evaluating this component.
If the capabilities it provides meet your needs then FreeIPA + winsync 
component will be the first choice.
If the functionality is not enough you may consider using winsync that 
comes with FDS but in this case you would have to use bare bones FDS and 
would loose all the advantages of the integration of the FDS+Kerberos 
that IPA provides.

Thank you
Dmitri


Christoffer Strömblad wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi list,
>
> I'm currently doing a "pre-study" for a project where a company is
> trying to standardize their use of Linux into a coherent, centrally
> managed system. Part of this is to manage and authenticate users,
> again centrally.
>
> Now I'm very much in-love with open source software, but as much as
> I'd like to simply provide a separate system for all of this we
> live in a mixed environment and business requirements. One of these
> dreaded requirements is to use AD for authentication.
>
> Now to the questions:
> 1) Is it possible to somehow replicate data from an AD over to
> fedora directory service? (I think this is a yes from what I've
> read)
>
> 2) If yes on 1) will it be possible for Linux computers to
> authenticate against the FDS rather than the AD?
>
> 3) If yes on 2), when updates are made to FreeIPA to implement more
> functionality, will it still be possible to replicate the basic
> user data for authentication without "disturbing" the new
> functionality?
>
> 4) Any alternatives you recommend or suggest me to look into?
>
> Kind regards,
> Christoffer
>
> PS: My apologies if these questions are/were not appropriate for
> the list.
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 3.0
>
> wpwEAQECAAYFAkl0UXEACgkQoGiwk4tHXN2xBgP/QM6E/yEmg60pOp+jFqXCdZexI7TA
> wMfJIxcVJRcXlYK637AzL7uKWTz0QiOVIdMXORLrYsFxl36zUtHsb3h2jfzbcP63uqPO
> 8TnvMjttTmmP4jjGTdFFPy1PVFLU9gb9KXptzS7mkne8lnFEtRXfHlqQxW17fNgh15m5
> QwiYNOA=
> =BxKf
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>