[Samba] Samba4 + FreeIPA

Robert Marcano robert at marcanoonline.com
Wed Nov 3 13:09:22 UTC 2021

On 11/3/21 7:07 AM, Cyrus via samba wrote:
> Good morning,
> I'm in the need to implement an Identity service for a mixed environment
> with Windows workstations & Linux systems with a common set of users.
> Would it be possible to implement Samba4 for the MS Windows realm and
> FreeIPA for the linux machines (where I expect to make use of HBAC &
> sudoers support)?.

Yes, it is possible, but you will not get a single realm, you will have 
at least two and will need to setup cross realm trusts.

As another replies have stated, you can do much of what you need with 
Samba alone.

Unless you Linux clients and servers outnumber your Windows 
workstations, going with Samba AD alone is probably your best bet, 
because you are already immersed on the Windows client world, you will 
not have too much problem with having the need to use a Windows client 
to manage some of Samba AD features.

On the other hand, if your fleet of machines is mainly Linux, like some 
of my installations where Windows is restricted to some management or 
special users that require it, while the other majority is full of OLTP 
application users running Linux. I would go with the dual installation, 
there are features that FreeIPA gives on these environments like an 
integrated Certificate authority and automated certificate distribution 
and renewal, that will requiredmanual integration on a Samba AD 

> Would make sense to have all the users in Samba4 or the other way around
> (all users in FreeIPA).
> Any advice would be appreciated.
> Regards,
> CI.-

More information about the samba mailing list