[Samba] Future AD domain currently want FreeRadius Samba or FreeIPA?
Andrew Bartlett
abartlet at samba.org
Fri Dec 2 18:35:11 UTC 2016
On Fri, 2016-12-02 at 08:28 -0700, Jeff Sadowski via samba wrote:
> My main home server runs Fedora 25. I have experimented in the past
> with an
> Ubuntu samba AD domain controller(in a VM). Which was really cool
> because I
> could join Windows 10 pro machines to it and assign GPO's just like
> my AD
> at work. Currently I'm looking into setting up a FreeRadius server. I
> want
> to eventually be able to have the same authentication across machines
> and
> wifi and the lot. And I'd like to set up machines using GPO's. It
> looks
> like Fedora is working on getting FreeIPA as the LDAP for AD samba?
> Is this
> correct?
>
> If I set up FreeIPA as my LDAP and connect my FreeRadius server to
> authenticate against it; would I then, in the not to distant future,
> be
> able to set up samba to use it for an AD domain that I could set up
> GPO's
> for?
No. Samba can't use another LDAP server as a backend, when acting as
an AD DC. We may be able to trust it with an inter-forest trust, but
that is a very different thing.
> Or would I be better of using my AD DC VM as my LDAP server?
I think so.
Andrew Bartlett
More information about the samba
mailing list