[Freeipa-users] About Windows client
Jan Pazdziora
jpazdziora at redhat.com
Thu Feb 20 10:38:44 UTC 2014
On Wed, Feb 19, 2014 at 05:23:15PM -0500, Dmitri Pal wrote:
>
> I want to summarize our position regarding joining Windows systems into IPA.
>
> 1) If you already have AD we recommend using this system with AD and
> using trusts between AD and IPA.
> 2) If you do not have AD then use Samba 4 instead of it. It would be
> great when Samba 4 grows capability to establish trusts. Right now
> it can't but there is an effort going on. If you are interested -
> please contribute.
> 3) If neither of the two options work for you you can configure
> Windows system to work directly with IPA as described on the wiki.
> It is an option of last resort because IPA does not provide the
> services windows client expects. If this is good enough for you,
> fine by us.
> 4) Build a native Windows client (cred provider) for IPA using
> latest Kerberos. IMO this would be really useful if someone does
> that because we will not build this ourselves. With the native OTP
> support in IPA it becomes a real business opportunity to provide a
> native 2FA inside enterprise across multiple platforms. But please
> do it open source way otherwise we would not recommend you ;-)
Would it makes sense to make this into a freeipa.org wiki page?
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list